Synology updated three of their packages today. Directory Server, GLPI and WordPress were all updated. WordPress is the only package update that specifically lists security fixes.
Directory Server was updated to version 2.0-2321 to accommodate the Google API change when using Directory Server as the backend authentication server for Google Apps. This is the only change listed.
GLPI was updated to version 0.85.4-0025. Documented changes include:
- Upgraded to 0.85.4. (The GLPI release notes don’t list any security updates for this version.)
- Minor bug fixes.
The WordPress package was updated to version 4.2.4-039.
According to the release notes, it was updated to WordPress 4.1.5 to address multiple security vulnerabilities (CVE-2015-3438, CVE-2015-3439, CVE-2015-3440, CVE-2015-5623). But WordPress itself reports that it is version 4.2.1 once it is installed. Looking at the release notes, WordPress was updated to version 4.1.5 multiple times, so this appears to be a copy/paste problem.
It’s worth noting that the Synology package lags behind the version of WordPress available at WordPress.org, which is currently WordPress 4.3, released on August 18th. WordPress released version 4.2.1 back on April 27th. On August 4th they released version 4.2.4, which also contains additional security fixes. You can update WordPress through the WordPress dashboard, which should be done if your Synology NAS is on the internet.
After installing the Synology WordPress package I was able to update to WordPress 4.3 through the WordPress dashboard without any problems. Standard plugins and themes also needed to be updated from the versions included in the package.