Yesterday, a serious vulnerability in the PHP XML parser used by WordPress and Drupal was announced. After some great collaboration between the core developers of those applications, new versions that address the issue were released for both WordPress and Drupal. We are proactively addressing the issue too:
- Our security team has been addressing the issue on the server level. We have discerned unwanted activity during last week and have applied certain firewall rules to mitigate it even before the exploited issue was announced. Once we became aware of the officially published details of the problem, we were able to refine our server level defense. Our team is on the guard and ready to add a future improvement if needed.
- All WordPress users, who use our autoupdater will be updated to the newest version in 24 hours after the announcement was made
- All WordPress users, who do not use our autoupdater but are on a version 3.7 or higher will be automatically updated by the native WordPress update function too.
- Once the automatic updates are done, we will scan our servers for outdated WordPress versions and will contact by email their users to recommend update.
- We will also contact all Drupal users on our servers, whose applications are not updated and will strongly encourage them to go ahead and get the latest version.