
The Joomla CMS has received an update. Version 3.8.12 closes 3 minor security vulnerabilities and fixes over 20 bugs.
Joomla 3.8.12 Security Notes
[20180801] – Core – Hardening the InputFilter for PHAR stubs
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 1.5.0 through 3.8.11
- Exploit type: Malicious file upload
- Reported Date: 2018-August-23
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15882
Description
Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
[20180802] – Core – Stored XSS vulnerability in the frontend profile
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.5.0 through 3.8.11
- Exploit type: XSS
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
[20180803] – Core – ACL Violation in custom fields
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.7.0 through 3.8.11
- Exploit type: ACL Violation
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15881
Description
Inadequate checks regarding disabled fields can lead to an ACL violation.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.11
Joomla 3.8.12 Bugfixes
- Remove debug from calendar field as it breaks saving to the DB
- Tab not slider Language Change
- Work on indexer
- Merge Script Options recursive
- [com_tags] All Tags default layout
- Don’t show module chromes of disabled templates
- Allow filtering by archived in Redirect Manager
- Use the fixed menu item for open search url
- [Fix] Batch menu items: Translate the menu item title when client is administrator
- Cleanup batch copy of items
- Fix validation messages in reverse order on installation
- [com_content] Tags not shown in some cases
- Set option by mime type, not by mode name
- Stick permissions tab on scroll
- Build a not on windows group for test
- Repair the update of database schema changes on postgreSQL
- Fix errors exposed by strict and also improve js
- Escaping float value should be non-locale aware
- Fix unit tests for PostgreSQL 10
- Fix minicolor initialization in subforms. etc.
- Exclude components in discover state from list (Replaces #12469)
- [com_content] Redundant access check
- [mod_articles_latest/news] Featured articles not shown
- Added security scan tool to CI setup
Source: https://www.joomla.org/announcements/release-news/5743-joomla-3-8-12-release.html