
Keeping your eZ Publish 5.x & its Symfony install secure

Friday 09 August 2013 4:19:15 pm


eZ Publish is a CMS that has always taken security seriously; however, all software has bugs. This post will help you stay on top of security for eZ Publish 5.x.

Recently in security

List of security fixes applied to eZ Publish on 8th of August 2013

In case you missed it, on Wednesday 7th, Symfony announced 2 security issues, and on the 8th we published 9 security advisories online for eZ Publish, one of them being one of the Symfony issues that happens to affect eZ Publish 5.x/2013.0x.

First, if you are on eZ Publish Enterprise/Platform with all service packs and support-provided security patches applied, then you can relax a bit. Only the mentioned Symfony issue is something you must look into if you're on version 5.0 or 5.1.

Secondly, if you're already on eZ Publish Community Project v2013.07, which was released the other day, then all should be OK already.

For all other Community Project versions, here is an overview of the security advisories published on the 8th of August 2013:

Sources of security announcements

So if you didn't know about these, here is where to always find information about security concerning your eZ Publish 5.x setup.

There are primarily three sources of security info you should know about when you're running an eZ Publish 5.x site:

  1. eZ Publish:
    • Enterprise (Platform) supported version: Patches will be sent to you ahead of public community announcement
    • Community Project: Patches are always attached to public Security Advisories (notifications, rss & twitter announcements by @ezcommunity)
  2. Symfony: Security patches are always announced on the Symfony.com Security Advisory blog section (rss & twitter)
  3. OS: Provided you use the officially supported packages from the Linux distribution you're running eZ Publish on, following its security advisories should normally be enough; for more info see the security pages for RedHat, CentOS, Debian and Ubuntu. These places usually announce fixes available via the main package repository as well as PHP-specific repositories like PEAR and PECL.

That is actually it, hope this helps in knowing a bit more where to look, so until next time; stay safe ;)
