On Tue, 2015-12-01 at 17:39 +0000, Andrew McNab wrote:
> >
> > Many thanks for your patience, Tom
>
> In case anyone is worried, the Wiki is still at
> https://www.gridpp.ac.uk/wiki/ and all of the rest of the old content
> is now at https://archive.gridpp.ac.uk/

Hmmm...

I notice that '/admin/' allows me access (which I believe to be
intentional) but the message I am greeted with has me somewhat worried:

"WordPress 4.3.1 is available! Please notify the site administrator."

According to the release notes for this version of WordPress:

> On September 15, 2015, WordPress 4.3.1 was released to the public.
> This is a security update for all previous WordPress versions.
>
> This release addresses three issues, including two cross-site
> scripting vulnerabilities and a potential privilege escalation.
>
>
> WordPress versions 4.3 and earlier are vulnerable to a cross-site
> scripting vulnerability when processing shortcode tags
> (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
> A separate cross-site scripting vulnerability was found in the
> user list table. Reported by Ben Bidner of the WordPress security
> team.
> Finally, in certain cases, users without proper permissions could
> publish private posts and make them sticky (CVE-2015-5715). Reported
> by Shahar Tal and Netanel Rubin of Check Point.

In short, if we are going to be running WordPress, someone needs to be
keeping it up to date.

I would also like to highlight the lack of IPv6 (no AAAA record in DNS)
for the site and given that yesterday, I made a plea for better
availability of IPv6 connectivity to senior network staff from various
ac.uk institutions on behalf of GridPP at the JISC IPv6 Deployment
Workshop, would it be possible to enable the site to be accessed via
IPv6?

This might not have been the kind of feedback you were expecting but I
feel that it is relevant nonetheless.

Regards,

Terry

--
Terry Froy
Cluster Systems Manager, Particle Physics
Queen Mary, University of London
Tel: +44 (0)207 882 6560
E-mail: [log in to unmask]