Das CMS Joomla, erhielt das Update 4.1.1 und 3.10.7. Es behebt einige Fehler und schließt 7 bzw. 6 Sicherheitslücken.
Joomla 4.1.1 Release Notes
Security Issues Fixed
- [20220301] Low Severity – Moderate Impact – Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220302] Low Severity – Low Impact – Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220303] Low Severity – High Impact – User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220305] Low Severity – High Impact – Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220306] Low Severity – Low Impact – Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220307] Low Severity – Moderate Impact – Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) More information
- [20220308] Low Severity – Moderate Impact – Inadequate content filtering within the filter code (affecting Joomla! 4.0.0 through 4.1.0) More information
- [20220309] Low Severity – Moderate Impact – XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) More information
Bug fixes and Improvements
- Fix language strings behaviour in TinyMCE
- Fix switch for syntax highlighting in TinyMCE
- Show failed tasks in scheduler
- Correct usage of Jooa11y parameters
- Codemirror enhancements
- Several 8.x PHP fixes
Visit GitHub for the full list of bug fixes.
Joomla 3.10.7 Release Notes
Security Issues Fixed
- [20220301] Low Severity – Moderate Impact – Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220302] Low Severity – Low Impact – Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220303] Low Severity – High Impact – User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220304] Low Severity – Moderate Impact – Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) More information
- [20220305] Low Severity – High Impact – Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220306] Low Severity – Low Impact – Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
Bug fixes and Improvements
- Backport JQuery UI security patch for CVE-2021-41184 (#37308 (https://github.com/joomla/joomla-cms/pull/37308))
- Disable Google Fonts setting for 3.10.7+ new installations (#36888 (https://github.com/joomla/joomla-cms/pull/36888))
- [Regression] Fix updating redirect values unintentionally changed (#36951 (https://github.com/joomla/joomla-cms/pull/36951))
- Remove FLoC setting as it has been abandoned (#36861 (https://github.com/joomla/joomla-cms/pull/36861))
- E-Mail Cloak: TLDs long as 10 will no longer truncated until (#36986 (https://github.com/joomla/joomla-cms/pull/36986))
- Privacy Consent wording I agree vs I do not agree (#37181 (https://github.com/joomla/joomla-cms/pull/37181))
Visit GitHub for the full list of bug fixes.
Quelle: Joomla 4.1.1 and 3.10.7 Release
Pingback: Joomla 4.1.2 und 3.10.8 Regression Security und Bugfix Release – TASTE-OF-IT