Comprueba si tus sistemas están al día. Importantes fallos de seguridad en Apache y Rails han sido descubiertos y publicados, así como sus correspondientes parches.
En Apache se ha descubierto una vulnerabilidad que permite realizar un ataque de denegacion de servicio y en rails es posible realizar XSS y SQL Injection.
A continuación más detalles :
Apache: http://www.debian.org/security/2011/dsa-2298
Nueva versión de prestashop 1.4.4.0 que corrige cientos de bugs y algunas mejoras
Added Features: [+] Project : adding RTL language management [+] BO : new class Upgrader to check PrestaShop version or download last version. [+] BO : new file ajax-tab.php, you can now make request without ajax.php and handle them directly in the appropriate AdminXXX [+] BO : new tab AdminUpgrade can now automatize the upgrade process. Thanks a lot to Broceliande/Eric Dolou for his great help [+] CORE : Add the possibility to personalize an address layout with special chars. [+] MO : A better view of the currency used by the module. [+] MO : Fetch content use more than one method (CURL, fopen, fsockopen and file_get_content) [+] MO : Moneybookers, Add the possibility to display the logo in the front Office (works with live edit). [+] MO : New Module - Canada Post (0.1) [+] MO : new module dedicated to german users which enable you to display legal notice on the customer account creation Improved/changed features: [*] Installer : improve installer template [*] Installer : now class ConfigurationTest is located in classes directory and renamed to ConfigurationTestCore [*] Installer : now method tryToConnect don't use an existing ressource except if specified [*] Installer : php directory is now directly related to INSTALL_DIR [*] FO : #PSCFI-2691 - Adding index.php file for redirection [*] FO : CC-24 - Adding previous button for the address creation [*] FO : CC-32 - Adding a checkbox for the displaying of "Powered by PS" [*] FO : CC-93 - Review of the compare product system [*] FO : CC-93 - Review of the compare product system. Adding CompareProduct class [*] FO : Change the id "passwd" by "login_passwd" to avoid ambiguous id in OPC ordering (with guest authorization). [*] FO : Fixed #PSCFI-2176 - now you can use vars in your mail subject [*] FO : Update the jquery.cluetip.js library. From V0.9.9 to V1.1.3 [*] BO : Add option to disable apache option multiviews. Linked with #PSCFI-2597 [*] BO : Added check for safe_mode before activating new image system [*] BO : Added compatibility check before moving images to the new filesystem [*] BO : AdminTab childs can now handle ajax request like index.php (with tab and token params) using specific method ajaxProcess [*] BO : Bug Fixed #PSCFI-2282 - Shipping Prices Range with a tax excluded group [*] BO : CC-108 - Remove informations about stocks in AdminProducts when the stock management is disabled [*] BO : CC-26 - Adding German and Italian translations [*] BO : CC-26 - Rename Alias Tab as Alias Research [*] BO : CC-50 - Increasing the size of the description area [*] BO : CC-99 - Better visibility for the delete module button [*] BO : FA-35 - Changing manufacturer translation in French for the BO. Replaced "fabricant" by "marque" [*] BO : FA-35 - Changing manufacturer translation in French for the BO. Replaced "fabricant" by "marque" [*] BO : Fixed bug PSCFI-2416 - The whole search index is not rewritten when you update a single product [*] BO : It is now possible to edit the field date_add with AdminImport [*] BO : Upgrader class now also check if autoupgrade is indicated for the last version, from http://www.prestashop.com/xml/version.xml [*] BO : added alert if attachment is bind to a product [*] BO : backup directory is now a static definition in Backup class [*] BO : improve CSV import when no csv file is available [*] BO : improve category listing in product edition and loyalty module [*] BO : improved Upgrader to check ps version [*] BO : improved backup class [*] BO : refactoring #PSCFI-2458 - AdminCarrier when Zone disabled & overcomplex processing ( Carrier ) [*] BO : the new image filesystem is now entirely deactivated when the legacy setting is activated [*] Classes : improvement #PSCFI-2278 - Don't die in Mail::send() method [*] Classes : improvement #PSCFI-2278 - refactoring [*] Classes : improvement #PSCFI-2440 - Tools class improvements [*] MO : Adding traduction for blockcms [*] MO : New Admin Panel for "Layered Navigation" module, "Build your own template" feature! [*] MO : Now use the variable Calcul_mode in the hash of the cache [*] MO : Numerous bugs fixed for the "Layered Navigation" module [*] MO : Numerous bugs fixed for the "Layered Navigation" module [*] MO : Translations and changes on TrustedShop module [*] MO : Translations and changes on TrustedShop module (part 2) [*] MO : Upgrade on the UPS module (from enigma32, thx to him[*] MO : Upgrade on the USPS module (from enigma32, thx to him
Según publica SecurityByDefault con pelos y señales, la versión 2.3.4 fue comprometida y se introdujo una puerta trasera. La puerta trasera consiste en poner como usuario “:)” lo que provocaría que se abriese una shell en el puerto 6200.
Muy recomendable leerse el documento complento en SecurityByDefault.
Gracias a Malakun por el enlace
Vaya con ubuntu… no me esperaba esto. Normalmente en Debian cuando no está bien configurado el idioma local, basta con reconfigurar el paquete de esta manera :
sudo dpkg-reconfigure --frontend=dialog --priority=low locales
Con las opciones forzamos a que los mensajes sean vía dialogo con libncurses y la prioridad es que nos pregunte cualquier opción necesaria para configurar el paquete , no sólo las importantes. Como decíamos en debian, con esto es suficiente.
El error que normalmente aparece es algo asi :
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
El caso es que hoy con un servidor ubuntu…. esto no hace na de naaaaa y he estado indagando y parace que hace falta definir qué idiomas son los válidos en el directorio /var/lib/locales/supported.d.
En la documentación de Ubuntu nos encontramos información, pero no es muy clara https://wiki.ubuntu.com/LocalesThatDontSuck
La configuración correcta la podemos hacer así :
Instalamos el paquete con los idiomas en nuestro caso inglés
apt-get install language-pack-en
Como el inglés tiene bastante variantes le vamos a dejar sólo la americana en_US. Para ello editamos el fichero /var/lib/locales/supported.d/en y dejamos sólo esta linea:
en_US.UTF-8 UTF-8
Ahora configuramos el idioma por defecto con
update-locale LANG=en_US
Ya tenemos generado el fichero que necesitabamos en /etc/default/locale
# File generated by update-locale LANG=en_US
y con esto el problema queda solucionado.
Hace unos días se liberó la release 1.4.3.0 de Prestashop
En esta ocasión se han corregido una buena cantidad de bugs, las mejoras y cambios tampoco son notables.
http://svn.prestashop.com/trunk/CHANGELOG
http://svn.prestashop.com/tags/1.4.3.0/CHANGELOG
Release Notes for PrestaShop 1.4 -------------------------------- #################################### # v1.4.3.0 - 7119 (2011-06-16) # #################################### Added Features: [+] Installer : Refuse to index the page by robots [+] BO : Added button "Add my IP" [+] BO : Adding pagination to the customers list [+] BO : added the option to move product images to the new filesystem [+] Classes : added manufacturer name and id in ProductSale::getBestSales(); [+] Classes : added manufacturer name and id in ProductSale::getBestSales(); without sql error[+] MO : MondialRelay, add fields personalization and fix js [+] MO : Refactoring Module dejala and LiveZilla [+] MO : layered module - real time URL building (ability to give the URL to someone) Improved/changed features: [*] Project : Removed "if class_exists" in autoload [*] Installer : Now when you install Prestashop, all languages are disabled expect the default language of your shop [*] FO : Fixed Bug #PSCFI-1342 - Gest customer transformation is only applicable when there is no non-guest customer with the same email [*] FO : Fixed Bug #PSCFI-2241 - Error in JS tools.js [*] BO : Added some help on the search configuration page [*] BO : detailled error message when you import from csv [*] Classes : #PSCFI-2061 - removed return statement in constructor [*] Classes : fix issue on cache object return value in method getPosition [*] MO : Fixed bug #PSCFI-2242 - Changes from the 1.3.x version have not been added to the 1.4 version [*] MO : Treepodia module can now handle more products on their feed [*] MO : eBay module - Some improvments [*] MO : fix issue on loyalty module [*] WS : clean code [*] WS : clean code Fixed bugs: [-] PROJECT : Bug fixed #PSCFI-2119 - Cache was not working well with getRow and getValue (Thanks Remi for the fix
Hace escasos minutos nos ha llegado el mail de invitación para ir probando la versión 10.3 de Parallels.
Como su nombre indica es una preview, la primera, así que incluirán algunos cambios en la versión final.
Para todos aquellos impacientes , aquí teneis un enlace
Ayer se liberó la version 1.4.2.5 de Prestashop build 6780.
Incluye pocos cambios con respecto a las versiones anteriores, que desde que se liberó la 1.4.0 ha mejorado bastante.
####################################
# v1.4.2.5 – 6780 (2011-05-30) #
####################################
Improved/changed features:
[*] Installer : add PS_VERSION_DB configuration data filled after install / upgrade
[*] FO : smarty_v2 improvement : moved currentTemplate init in fetch method instead of display method
[*] Core : module carrier has been disabled on One page checkout when customer isn’t logged
[*] Core : module carrier has been disabled on One page checkout when customer isn’t logged Part 2
Fixed bugs:
[-] Project : fix an issue on Tools::jsonDecode
[-] Installer : fixed bug where categories have incorrect level_depth
[-] FO : Bug Fixed #PSCFI-2077 – Tax rules + customization
[-] FO : Fixed #PSCFI-2051 – weekdays translations are now correct in store_infos google maps
[-] FO : Fixed #PSCFI-2066 – Control terms if terms are activated
[-] FO : On updating address with a bad field, firstname and alias are fill with the post + the registered data.
[-] BO : Fixed bug #PSCFI-2035 – The other messages in this category have been answered
[-] BO : Fixed bug #PSCFI-2073 – avoid crashing the product listing page when you have not enough memory to resize the thumbnails
[-] Classes : fixed bug with cookie name generated from http host causing cookie duplication
[-] MO : Bug fixed #PSCFI-2055 – number_format replaced by round in PayPal Module (Thanks Angora
[-] MO : Bug fixed on eBay Module (when products does not exist)
[-] MO : Fixed bug #PSCFI-1782 – Dibs could not do the callback
[-] MO : adding a message in So Colissimo module, in order to indicate: this module isn’t compliant with OPC feature
Para ver los cambios completos, puedes consultar el CHANGELOG de prestashop
Según el calendario de Quality Assurance de Centos, el día 6 de Junio se pasan las isos a QA para valoración y el día 13 se comenzará con la sincronización a los mirrors. Esperamos tener Centos 6 oficial para ese día.
El calendario podeis verlo aquí
Este error en Plesk 10.x con Postfix aparece cuando el buzón está lleno
El error aparece en el fichero /usr/local/psa/admin/log/maillog
status=bounced (Message can't be delivered )
¿ Tienes problemas con tu proveedor de servicio ? ¿ Estás contento con tu contratación ? Puede que tu experiencia ayude decidir una compra de un servicio, un gran proyecto…
Cuéntanos tus experiencias, publicaremos tus experiencias !!.
Escribe un email a info@hostingaldescubierto.com o contesta en este post.
© 2012 Hosting Al Descubierto · Proudly powered by WordPress & Green Park 2 by Cordobo.
Valid XHTML 1.0 Transitional | Valid CSS 3
