Most people communicating on the internet are using SIP calling. Here’s how to make free SIP calls — and when you shouldn’t.

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

Solution: 

Install the latest version:

• If you are using Drupal 7, update to Drupal 7.102.
• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Fabian Franz
• Juraj Nemec of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team
• Dave Long of the Drupal Security Team
• Alex Pott of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.
• Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

AI is transforming supply chain automation, enabling retailers to optimize operations and innovate with machine learning and generative AI.

Project: Drupal coreDate: 2024-November-20Security risk: Less critical 8 ∕ 25 AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:UncommonVulnerability: Gadget chainAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core's classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.
• Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Drew Webber of the Drupal Security Team

Fixed By: 

• Drew Webber of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Critical 17 ∕ 25 AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: 

Drupal 7 core's Overlay module doesn't safely handle user input, leading to reflected cross-site scripting under certain circumstances.

Only sites with the Overlay module enabled are affected by this vulnerability.

Solution: 

Install the latest version:

• If you are using Drupal 7, update to Drupal 7.102
• Sites may also disable the Overlay module to avoid the issue.

Drupal 10 and Drupal 11 are not affected, as the Overlay module was removed from Drupal core in Drupal 8.

Reported By: 

• Cesar

Fixed By: 

• Cesar
• Greg Knaddison of the Drupal Security Team
• Matthew Grill
• Wim Leers
• Drew Webber of the Drupal Security Team
• Ra Mänd
• Fabian Franz
• Juraj Nemec of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 10 ∕ 25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassAffected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation.

As a result, a user may be able to register with the same email address as another user.

This may lead to data integrity issues.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.
• Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Updating Drupal will not solve potential issues with existing accounts affected by this bug. See Fixing emails that vary only by case for additional guidance.

Reported By: 

• Wayne Eaker

Fixed By: 

• Wayne Eaker
• cilefen of the Drupal Security Team
• Kristiaan Van den Eynde
• Drew Webber of the Drupal Security Team
• Lee Rowlands of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Benji Fisher of the Drupal Security Team
• xjm of the Drupal Security Team

Project: Drupal coreDate: 2024-November-20Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingAffected versions: >= 8.8.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8Description: 

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized.

Solution: 

Install the latest version:

• If you are using Drupal 10.2, update to Drupal 10.2.11.
• If you are using Drupal 10.3, update to Drupal 10.3.9.
• If you are using Drupal 11.0, update to Drupal 11.0.8.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 

• Jay Beaton

Fixed By: 

• Lee Rowlands of the Drupal Security Team
• catch of the Drupal Security Team
• Mingsong
• Juraj Nemec of the Drupal Security Team
• Dave Long of the Drupal Security Team
• Benji Fisher of the Drupal Security Team

Coordinated By: 

• Juraj Nemec of the Drupal Security Team
• Greg Knaddison of the Drupal Security Team

With Messenger, we’ve made it simple to connect with the people who matter in your life, whether that means sending Reels to friends or video calling loved ones. Around the world, people  collectively spend over 7 billion minutes on calls across Facebook and Messenger every day, and we’re constantly working on new ways to enhance the experience. 

That’s why today, we’re announcing new Messenger Calling features, many of which are some of our most requested. Now, calling is easier, more reliable and more fun. 

AI Backgrounds in Video Calling

In September, we announced new ways to personalize Messenger chat themes with unique, AI-generated images from Meta AI. Soon, you’ll be able to use AI backgrounds in Messenger video calls to reflect how you’re feeling or just add a little excitement to your call. 

To start creating your personalized AI background, tap on the effects icon in the sidebar of your next video call and select “Backgrounds.” 

HD Video Calls and Noise Suppression

We’re introducing HD video calls, background noise suppression and voice isolation to help you make clearer, higher-quality calls directly from Messenger. Talking digitally will feel more than ever like being in a room together. 

Click to view slideshow.

HD will be enabled by default for video calls made on WiFi.  To enable HD for video calls on cellular data, go to your call settings and turn on “Mobile data for HD video.” 

Background noise suppression and voice isolation can be enabled via call settings in Messenger. 

Audio and Video Messages

Messenger Calling is becoming more and more like a fully outfitted phone, plus some extra features.  Now, you can leave audio or video voice messages when your friends can’t pick up. 

Click to view slideshow.

Tap the “Record message” button to leave an audio message for unanswered audio calls or a video message for unanswered video calls. 

Hands-Free Calling and Messaging

When your hands are full or your phone is out of reach, you can now ask Siri to help you make your calls and messages wherever you are. Try something like: “Hey Siri, send a message to Cassandra on Messenger” and then dictate what that message will be.  

The post Introducing AI Backgrounds, HD Video Calls, Noise Suppression and More for Messenger Calling appeared first on Meta.

Sourcegraph's Cody AI assistant, integrated with Google's Gemini 1.5 Flash, can evaluate the advantages of using long-context windows in AI models for code generation and understanding.

Here is a recap of what happened in the search forums today...

El Capitan, built by HPE, tops the 2024 TOP500 list as the world’s fastest supercomputer, driving breakthroughs in AI, nuclear research, and energy.

Google has updated its site reputation abuse policy to expand what is included in abuse. It now includes third-party content that has first-party involvement or content oversight. Google also dropped a mention of the starkly different content algorithm but made no mention that site reputation abuse is enforced algorithmically'"so it must still be only through manual actions.

Google announced new shopping features through Google Lens to help with in-store shopping and local shopping. Google said, "Google Lens can quickly show you product insights tailored to the store you're in. Just snap a photo to find product information, similar products in-stock, whether a store's price is competitive and shopper reviews."

Google has updated its guide to Google Search ranking systems to mention at the top of the page that it uses both page-level and site-wide signals for search rankings. There was a debate on this after the Google creator summit about Google possibly saying they only have page level signals, so this may clear things up a bit.

Is OpenAI, its ChatGPT service, taking market share from Google? Well, maybe. Rand Fishkin of Sparktoro posted his assumptions based on a mix of data from SimilarWeb and Datos that says ChatGPT's current market share is 4.33% - that is from October 2024 data.

Microsoft is testing categorizing the videos within its Bing video search results. Bing's video search interface can show at the top a featured video for the query, then trending videos related to the query, then short videos, then a related category of videos, followed by the normal video thumbnails.

Microsoft Visual Studio Professional 2022 for Windows allows you to code with teams across platforms and languages, and offers advanced tools to ensure accuracy. Now at $27.97 through November 21.

Today, we're announcing that Francois Chollet, the creator of Keras and a leading figure in the AI world, is embarking on a new chapter in his career outside of Google.

The first Web AI Summit, hosted by Google on October 18, 2024, brought together experts in machine learning models for web browsers.