CMS Joomla (changelog)

 

Joomla 3.9.25

Security Issues Fixed

[20210301] Low Severity - Low Impact - Insecure randomness within 2FA secret generation (affecting Joomla! 3.2.0 through 3.9.24)
[20210302] Low Severity - Low Impact - Potential Insecure FOFEncryptRandval (affecting Joomla! 3.2.0 through 3.9.24)
[20210303] Low Severity - Moderate Impact - XSS within alert messages showed to users (affecting Joomla! 2.5.0 through 3.9.24)
[20210304] Low Severity - Moderate Impact - XSS within the feed parser library (affecting Joomla! 2.5.0 through 3.9.24)
[20210305] Low Severity - Low Impact - Input validation within the template manager (affecting Joomla! 3.2.0 through 3.9.24)
[20210306] Low Severity - Moderate Impact - com_media allowed paths that are not intended for image uploads (affecting Joomla! 3.0.0 through 3.9.24)
[20210307] Low Severity - Moderate Impact - ACL violation within com_content frontend editing (affecting Joomla! 3.0.0 through 3.9.24)
[20210308] Low Severity - Moderate Impact - Path Traversal within joomla/archive zip class (affecting Joomla! 3.0.0 through 3.9.24)
[20210309] Low Severity - Moderate Impact - Inadequate filtering of form contents could allow to overwrite the author field (affecting Joomla! 1.6.0 through 3.9.24)

Bug fixes and Improvements

Fix Save as Copy tag
Fix published attribute for Tag field
Fix batch menu items
Stream transport should enable verify_peer_name when possible
Optimize the code for rename incorrectly cased files on update
Addional PHP 8 improvments

 

Joomla 3.9.24

Security Issues Fixed

[20210101] Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23)
[20210102] Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23)
[20210103] Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23)

Bug fixes and Improvements

Continuing to improve PHP 8 support
Solved performance issue with zip archives containing zip files
Removes deprecate feature-policy and adds the new Permissions Policy
Update joomla/image dependency
Fixed regression SMTP Settings Test
Fixed regression to save empty passwords in global configuration

 

Joomla 3.9.23

Security Issues Fixed

Low Priority - High Impact - Write ACL violation in multiple core views (affecting Joomla! 2.5.0 through 3.9.22)
Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page (affecting Joomla! 2.5.0 through 3.9.22)
Low Priority - Moderate Impact - Path traversal in mod_random_image (affecting Joomla! 2.5.0 through 3.9.22)
Low Priority - High Impact - SQL injection in com_users list view (affecting Joomla! 3.0.0 through 3.9.22)
Low Priority - Low Impact - User Enumeration in backend login (affecting Joomla! 3.9.0 through 3.9.22)
Low Priority - Low Impact - CSRF in com_privacy emailexport feature (affecting Joomla! 3.9.0 through 3.9.22)
Low Priority - High Impact - Write ACL violation in multiple core views (affecting Joomla! 1.7.0 through 3.9.22)

Bug fixes and Improvements

TinyMCE updated
Fix for frontend module editing permissions
Fix for the lost of transparency when cropping/resizing images
Validation rule added for the redirect header field

 

Joomla 3.9.22

Bug fixes and Improvements

Contact component: Fix for the category filter results
Page Break: Fix for the page break title when the title attribute is after the class
Privacy Request: Fix the token check when removing data via a privacy removal request
Multilanguage: Display an error when the URL language code is saved as empty
Multilanguage: Force lowercase for url language code

 

Joomla 3.9.21

Security Issues Fixed

Low Priority - Core - XSS in mod_latestactions (affecting Joomla! 3.9.0 through 3.9.20)
Low Priority - Core - Open redirect in com_content vote feature (affecting Joomla! 3.0.0 through 3.9.20)
Low Priority - Core - Directory traversal in com_media (affecting Joomla! 2.5.0 through 3.9.20)

Bug fixes and Improvements

TinyMCE updated
CodeMirror updated
Upload Package File / Joomla Update : Upload file size check added
Actions Log: Log an event when Joomla is updated

 

Joomla 3.9.20 Release

Security Issues Fixed

Low Priority - Core - CSRF in com_installer ajax_install endpoint (affecting Joomla! 3.7.0 through 3.9.19)
Moderate Priority - Core - Missing checks can lead to a broken usergroups table record (affecting Joomla! 2.5.0 through 3.9.19)
Low Priority - Core - CSRF in com_privacy remove-request feature (affecting Joomla! 3.9.0 through 3.9.19)
Low Priority - Core - Variable tampering via user table class (affecting Joomla! 3.0.0 through 3.9.19)
Low Priority - Core - Escape mod_random_image link (affecting Joomla! 3.0.0 through 3.9.19)
Low Priority - Core - System Information screen could expose redis or proxy credentials (affecting Joomla! 3.0.0 through 3.9.19)

Bug fixes and Improvements

Upload & Update tab of Joomla Update Component: Fix to allow upload of ZIP filetype only
Local database server: Allow optional port numbers
Beez3 Template: Markup fix for the Tabs layout of com_contact
Beez3 Template: Allow custom field editing on frontend
Backend cache cleared when purging updates

 

Joomla 3.9.19 Relase

Security Issues Fixed

Low Priority - Core - XSS in modules heading tag option (affecting Joomla! 3.0.0 through 3.9.18)
Low Priority - Core - Inconsistent default textfilter settings (affecting Joomla! 2.5.0 through 3.9.18)
Low Priority - Core - XSS in com_modules tag options (affecting Joomla! 3.0.0 through 3.9.18)
Moderate Priority - Core - XSS in jQuery.htmlPrefilter (affecting Joomla! 3.0.0 through 3.9.18)
Low Priority - Core - CSRF in com_postinstall (affecting Joomla! 3.7.0 through 3.9.18)

Bug fixes and Improvements

Fix incomplete utf8mb4 conversion since 3.9.17
Backport jQuery 3.5 security fixes
Frontend: Removal of the create/edit menu item buttons
Extend the checks to make sure only real user admins can create accounts
Mail: Support of dotless domains
Codemirror updated to its latest release
Improve translation system supporting better pluralization for languages like Welsh

 

Joomla 3.9.18 Release

Bug fixes and Improvements

Fixes the single tag view incorrectly showing a 404 page

 

Joomla 3.9.17 Release

Security Issues Fixed

Low Priority - Core - Incorrect access control in com_users access level editing function (affecting Joomla 3.8.8 through 3.9.16)
Low Priority - Core - Missing checks for the root usergroup in usergroup table (affecting Joomla 2.5.0 through 3.9.16)
Low Priority - Core - Incorrect access control in com_users access level deletion function (affecting Joomla 2.5.0 through 3.9.16)

Bug fixes and Improvements

Removal of an unneeded file added to 3.9.16
Multilingual Associations: Fix for the Edit Associations buttons in Menu Items #28339 and in Category
PHPMailer upgraded to its latest version
'New' MVC classes depreciation notice for 4.0 instead of 5.0
Facilitate the usage of help system by third parties
PostgreSQL: Fix for module loading

 

Joomla 3.9.16 Release

Security Issues Fixed

Low Priority - Core - SQL injection in Featured Articles menu parameters (affecting Joomla 1.7.0 through 3.9.15)
Low Priority - Core - CSRF in com_templates image actions (affecting Joomla 3.2.0 through 3.9.15)
Low Priority - Core - XSS in Protostar and Beez3 (affecting Joomla 3.0.0 through 3.9.15)
Low Priority - Core - Incorrect Access Control in com_templates (affecting Joomla 2.5.0 through 3.9.15)
Low Priority - Core - Identifier collisions in com_users (affecting Joomla 3.0.0 through 3.9.15)
Low Priority - Core - Incorrect Access Control in com_fields SQL field (affecting Joomla 3.7.0 through 3.9.15)

Bug fixes and Improvements

Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ and ‘ugc’ attributes
Fields - Imagelist: Correct the display of the folder structure
Popular Tags Module fix
User - Contact Creator plugin: catid fixed

 

Joomla 3.9.15 Release

Security Issues Fixed

Low Priority - Core - CSRF in batch actions (affecting Joomla 3.0.0 through 3.9.14)
Low Priority - Core - CSRF com_templates LESS compiler (affecting Joomla 3.0.0 through 3.9.14)
Low Priority - Core - XSS in com_actionlogs (affecting Joomla 3.9.0 through 3.9.14)

Bug fixes and Improvements

Beez Template: Fix the consent field modal
Action Log emails: Use of absolute URLs
TinyMCE fixes
User email addresses: Case insensitive management
Prevent library extensions to overwrite core files

 

Joomla 3.9.14 Release

Security Issues Fixed

Low Priority - Core - Path Disclosure in framework files (affecting Joomla 3.8.0 through 3.9.13)
Low Priority - Core - Various SQL injections through configuration parameters (affecting Joomla 2.5.0 through 3.9.13)

Bug fixes and Improvements

Improve PHP 7.4 compatibility
Fix incorrect id generated for input fields in repetable subform
Fix Sample Data Learn
Allow JSON Document caching
Avoid errors when Joomla! gets outdated
Show full video filename and preview icon in Media Manager

 

Joomla 3.9.13 Release

Security Issues Fixed

Low Priority - Core - CSRF in com_template overrides view (affecting Joomla 3.2.0 through 3.9.12)
Low Priority - Core - Path Disclosure in phpuft8 mapping files (affecting Joomla 3.6.0 through 3.9.12)

Bug fixes and Improvements

Improve PHP 7.4 compatibility
Improve reverse proxy support
Fix active category detection
Fix message filtering
Improve sending mass mail

 

Joomla 3.9.12 Release

Security Issues Fixed

Low Priority - Core - XSS in logo parameter of default templates (affecting Joomla 3.0.0 through 3.9.11)

Bug fixes and Improvements

Fix for minyear and maxyear in the calendar
Handle Google Font weights and styles in Protostar
Fix user session on mssql server
Protect SQL servers by adding pause mechanism to cli finder indexer
Fix Imagelist custom field default image

 

Joomla 3.9.11 Release

Security Issues Fixed

Low Priority - Core - Hardening com_contact contact form (affecting Joomla 1.6.2 through 3.9.10)

Bug fixes and Improvements

Custom Fields: Fix language strings/unknown columns/sorting
Creating categories on the fly with numbers
Fix database schema checker for MySQL 8
Tree sorting in templates file tree
Improved PHP 7.4 compatibility

 

Joomla 3.9.10 Release

Joomla 3.9.10 is fixing one bug introduced into Joomla 3.9.9 which affects the template styles of multilingual sites and results in lost data.

 

Joomla 3.9.9 Release

Security Issues Fixed

Low Priority - Core - Filter attribute in subform fields allows remote code execution (affecting Joomla 3.9.7 through 3.9.8)

Bug fixes and Improvements

Repeatable Custom Fields: fix to keep HTML tags #25189
Media Manager: Modal layout improved #22475
Voting: Cache cleaned after voting #25201
Article ordering: Items grouped by category first #25295
Batch system: Improvements for Contact and Newsfeed #25259

 

Joomla 3.9.8 Release

Joomla 3.9.8 is fixing one bug introduced into Joomla 3.9.7, due to the removal of the French Help Server.

 

Joomla 3.9.7 Release

Security Issues Fixed

Low Priority - Core - CSV injection in com_actionlogs (affecting Joomla 3.9.0 through 3.9.6)
Low Priority - Core - XSS in subform field (affecting Joomla 3.6.0 through 3.9.6)
Low Priority - Core - ACL hardening of com_joomlaupdate (affecting Joomla 3.8.13 through 3.9.6)

Bug fixes and Improvements

Batch system: Copy permissions of modules #24737 and categories #24730
Progessive cache improvements #20310
Fix to avoid duplicated custom fields in com_content #24516
RTL improvements #23107 #24722
Removal of the unofficial French Help Server #24927
TinyMCE improvements: #24978 #25037
RSS: Fix to display the right category #24932
Media Manager: Fix directory traversal for symlinked folders #24924
User registration: Correct http schema used #24089

 

Joomla 3.9.6 Release

Security Issues Fixed

Low Priority - Core - XSS in com_users ACL debug views (affecting Joomla 1.7.0 through 3.9.5)
Low Priority - Core - By-passing protection of Phar Stream Wrapper Interceptor (affecting Joomla 3.9.3 through 3.9.5)

Bug fixes and Improvements

Media Manager: Fix logic in file upload check introduced in 3.9.5 #24637
Edge Chromium support added #24379
User Notes: Fix date format #24529
Frontend editing: article category editable by Publishers and up #24640
Cache: Cache folder automatically created if it doesn’t exist #21952
PostgreSQL database improvements #24682 #24683 #24652

 

Joomla 3.9.5 Release 

Security Issues Fixed

Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4)
High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4)
Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4)

Bug fixes and Improvements

User Password: Add minimum lowercase rule for password validation #24230
Associations tab: Fix wrong behaviour of Indonesian language #24244
Debug language: Fix User Actions Log Manager #24178
New installation language: Kazakh #24233
Google Authenticator plugin (2FA): QR-code generator implemented #24255

 

Joomla 3.9.4 Release

Security Issues Fixed

High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3)
Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3)
Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3)
Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3)

Bug fixes and Improvements

User Terms (#23787) and Privacy Consent (#23660) plugins: Layouts for the label and message added
Featured articles: Page subheading added #23583
Custom formfield layout paths simplified #22645
Com_contact: Contact name field moved out of the Contact Information block #23563
Custom module: Improvement of the frontend editing #23741
Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged

 

Joomla 3.9.3 Release

Security Issues Fixed

Low Priority - Core - Lack of URL filtering in various core components (affecting Joomla 2.5.0 through 3.9.2)
Low Priority - Core - Browserside mime-type sniffing causes XSS attack vectors (affecting Joomla 1.0.0 through 3.9.2)
Low Priority - Core - Additional warning in the Global Configuration textfilter settings (affecting Joomla 2.5.0 through 3.9.2)
Low Priority - Core - Stored XSS issue in the Global Configuration help url #2 (affecting Joomla 2.5.0 through 3.9.2)
Low Priority - Core - XSS Issue in core.js writeDynaList (affecting Joomla 2.5.0 through 3.9.2)
Low Priority - Core - Implement the TYPO3 PHAR stream wrapper (affecting Joomla 2.5.0 through 3.9.2)

Bug fixes and Improvements

Prevent renaming/deleting the template index.php file #23654
Smart Search improvement #23736
Contacts banned fields removed #23585
Improvement of the Integration tab display #23711
Fix the category filter for featured articles #23454
Fix for the Template Style field in the menu manager #23556
Breadcrumbs for tags #23599

 

Joomla 3.9.2 Release

Security Issues Fixed

Low Priority - Core - Stored XSS in mod_banners (affecting Joomla 2.5.0 through 3.9.1)
Low Priority - Core - Stored XSS in com_contact (affecting Joomla 2.5.0 through 3.9.1)
Low Priority - Core - Stored XSS issue in the Global Configuration textfilter settings (affecting Joomla 2.5.0 through 3.9.1)
Low Priority - Core - Stored XSS issue in the Global Configuration help url (affecting Joomla 2.5.0 through 3.9.1)

Bug fixes and Improvements

Fixes for states in com_finder (#23194), com_banners (#23193), com_messages (#23192), com_users notes (#23191)
Removal of the Caching field in the languages (#23174), syndicate (#23166), random image (#23165), and login modules (#23152)
Editors API extended #23224
Menu Item Alias type: Redirection is optional #23278
com_media: Normalisation of uploaded file names (#23259)
Code cleanup and namespacing

 

Joomla 3.9.1 Release

Fix for the automatic title option of the Latest Actions admin module #22925
Com_privacy: Redirected to the privacy request form after login #22927
Update to TinyMCE 4.5.9 #22879
Performance improvement for the category and tag managers #22117
Fix for the delete module positions issue #22935
Preventing the System Privacy Consent plugin from running when logging out through a menu item #22939
Content - Page Break plugin: Possibility to use a template override for Previous/Next pagination #22932
Fix navigation to the first page in pagination when SEF is off #23042
System - User Actions Log plugin: Removal of the number of days limitation #23084

Sdílet článek:

Novinky eABM

Novinky nejen ze světa IT
František Fajna | 8. říjen 2024

Pro společnost Sanovia a.s jsme vytvořili nové, moderní webové stránky.

Václav Dobiáš | 24. září 2024

Po prázdninách přinášíme letní speciál novinek v Microsoft Teams. Přibylo pár opravdu skvělých funkcí, které možná začnete i denně používat.

František Fajna | 18. září 2024

S potěšením oznamujeme spuštění nové moderní webové stránky pro Muzeum studené války v Praze, kterou jsme vytvořili v tzv. OnePage designu.