
WordPress and Drupal have both released a big security update to prevent XML Quadratic Blowup Attacks.  Everybody is reporting on it, but nobody seems to want to help.  JDM Digital is offering clients a FREE upgrade.


Nir Goldshlager, a security researcher from Salesforce.com’s product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.

The vulnerability uses a well-known XML Quadratic Blowup Attack — and when executed, it can take down an entire website or server almost instantly.

Reported by Mashable:

The XML vulnerability affects WordPress versions 3.5 to 3.9 (the current version) and works on the default installation. It affects Drupal versions 6.x to 7.x (the latest version) and also works on the default installation.

We won’t get into the nitty-gritty (Mashable already did that), but this is a pretty big deal.

The good news is that both WordPress and Drupal have already released patches for their applications. Better still, WordPress has included automatic updates for minor releases since version 3.7 for this very reason. WordPress users who have already updated to 3.7+ may already have the security patch installed.

JDM Digital HIGHLY recommends you log in to your WordPress or Drupal installs and see if you are running the latest version.

A little help?

While everybody is reporting on the problem, damn few are offering to help.  Exclusively for current and former JDM Digital clients, we’re offering a free upgrade if you are not already running the latest version of WordPress or Drupal.

All you have to do is complete this secure form and we’ll take care of the rest for you–for free.

Free?  Yes, free.

What do we want in return?  You can buy us a beer, write an online review, or just give us a hug.  We’re not doing this for any reason other than wanting to help you out.  All we need is you to raise your hand.

Not a JDM client?

The offer is available ONLY to JDM clients.  We just can’t be responsible for everybody’s outdated CMS.  That said, we’ve published a ton of helpful articles publicly for non-clients to review on our support site, including:

Let us know how you get on in the comments below.  We’ll be online all weekend.

 
