JoeJoomla News

On Saturday March 28, 2009, the Joomla! project released a security update that will bring Joomla! to version 1.5.10. It is important to keep your Joomla! websites up-to-date and secure and it's as simple as installing a patch update such as this one. As noted on the joomla.org website, this release contains 66 bug fixes, one low-level security fix, and one moderate-level security fix. You can get it HERE.

The patch upgrade takes very little time to do. I updated almost a dozen sites in less than half an hour with this patch. Don't let your site, or any of your client sites, get out of date. Although there was only one low and one moderate-level security risk closed up in this update, it's always smart business to implement an update as soon as possible. The time it takes is short in comparison to fixing a website that has been compromised by a malicious person.

Here are the items that have been included in this update as listed on the official joomla.org security upgrade page:

 

Security

One low-level and one moderate-level security issue were fixed in this release:

  • Moderate Priority: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
  • Low Priority: An XSS vulnerability exists in the category view of com_content.

Components

  • Article Alias no longer missing from Category Views 
  • Section List now drills down correctly to a Category List with Global Content Filters 
  • Web link Router now uses correct Category value
  • Article HTML filtering correct when only one Filter group selected
  • Tooltip Help corrected for Section, Category, and Article Alias
  • Sorting lists by values other than Order corrected
  • Archived Article Filter Function works correctly
  • Ampersand in site name no longer breaks Position value in vCard
  • Added "/" before URL in Remind Me and Password links for com_user
  • Search works properly using international characters with SEF enabled
  • Register to Read More in redirect URL correct for Section and Category Menu Items
  • Multiple Search Menu Items now return correct ItemID
  • com_media no longer incorrectly loads CSS files from the backend
  • Fixed invalid XHTML output in com_content and com_contact
  • Small errors in code comments corrected for com_user

Modules

  • Changing the module's 'Position' value now correctly changes the value for the 'Order' listbox.
  • When Module is saved, Module's cache is now cleared
  • Encoding behavior for quotes and ampersands corrected in Modules
  • Menu image alignment resolved
  • Menu Alias respects Active setting
  • Resolved tag error in mod_feed
  • Login Redirect returns to current page when no Redirect URL is specified

Plugins

  • Fixed ID tags used by openid.js
  • Pagebreak works correctly with JCE
  • Pagebreak outputs correct XHTML elements
  • Pagebreak accurately tracks active page
  • Pagebreak works correctly with Section tables
  • Caching error resolved for Remember Me function
  • Menu Item changes are now cached properly
  • SEF Plugin correctly handles "Data" attribute
  • Load Position no longer deletes dollar sign and next two positions, in Module output

Legacy

  • No legacy issues fixed for this release.

Templates

  • Beez: Correct Last Updated date used in Section Blog 
  • JA Purity: All Article text no longer linked when Category presented
  • rhuk Milkyway: Correct authorEmail value
  • Corrected RTL issue for Site Title when mouse hovering over Template Logo

Language

  • Localization for user name corrected in registration form
  • Corrected localization issue for new Module
  • User details translatable
  • Localization corrected for installation of Component 
  • Copy Menu Items function is now translatable
  • Pagebreak now translatable
  • Uninstalling a Component now has all Language Strings

Administrator

  • Categories are now sortable in reverse order by Order data element
  • Parameter Element ID for folderlist and filelist are correct
  • Date format correct for 'checked out date' 

System

  • Installation of Extensions no longer fails when zip files are included
  • No longer missing l10n in JApplicationHelper::parseXMLInstallFile()
  • Resolved JavaScript errors created by previous SEF Background Image Fix
  • Resolved problem with error handling in JFactory::getXMLParser
  • Case-sensitive image extensions
  • Atom feed validates correctly
  • JString::RTrim method is correct
  • Removed short open tag in admin.categories.html.php
  • JInstallerComponent::_rollback_menu() error resolved when getting DB Connector
  • File move now correctly returns "false" when not read or writable
  • Directory Permissions listed correctly for Temp and Log Folders
  • JFolder::folders no longer returns unnecessary warning
  • Setting Tooltip Offset works correctly
  • JArchiveZip::_extractNative() correctly identifies zip_open() failure
  • Installer.php parseMedia points to correct folder
  • Custom Install file upgraded on Component installation 
  • Undefined index HTTP_USER_AGENT error fixed in behavior.php

 
