Joomla 3.8.12 Security and Bugfix Release

The Joomla CMS has received an update. Version 3.8.12 closes 3 minor security vulnerabilities and fixes more than 20 bugs.

Joomla Update 3.8.12

Joomla 3.8.12 Security Notes

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: Malicious file upload
  • Reported Date: 2018-August-23
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15882

Description

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: XSS
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15880

Description

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.7.0 through 3.8.11
  • Exploit type: ACL Violation
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15881

Description

Inadequate checks regarding disabled fields can lead to an ACL violation.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.11

Joomla 3.8.12 Bugfixes

  • Remove debug from calendar field as it breaks saving to the DB PR-staging
  • Tab not slider Language Change PR-staging
  • Work on indexer PR-staging
  • Merge Script Options recursive PR-staging
  • [com_tags] All Tags default layout PR-staging
  • Don’t show module chromes of disabled templates PR-staging
  • Allow filtering by archived in Redirect Manager PR-staging
  • Use the fixed menu item for open search url PR-staging
  • [Fix] Batch menu items: Translate the menu item title when client is administrator PR-staging
  • Cleanup batch copy of items PR-staging
  • Fix validation messages in reverse order on installation PR-staging
  • [com_content] Tags not shown in some cases PR-staging
  • Set option by mime type, not by mode name PR-staging
  • Stick permissions tab on scroll PR-staging
  • Build a not on windows group for test PR-staging Unit/System Tests
  • Repair the update of database schema changes on postgreSQL PR-staging
  • Fix errors exposed by strict and also improve js PR-staging
  • Escaping float value should be non-locale aware PR-staging Unit/System Tests
  • Fix unit tests for PostgreSQL 10 PR-staging Unit/System Tests
  • Fix minicolor initialization in subforms. etc. PR-staging
  • Exclude components in discover state from list (Replaces #12469) PR-staging
  • [com_content] Redundant access check PR-staging
  • [mod_articles_latest/news] Featured articles not shown PR-staging
  • Added security scan tool to CI setup

Source: https://www.joomla.org/announcements/release-news/5743-joomla-3-8-12-release.html
