Joomla! 1.6 release now gets its first and major update. On March 7th Joomla! 1.6.1 was announced, which includes fiexes for 12 security and 206 other issues. This is a security release, so you should apply the update to you Joomla! 1.6 installations as soon as possible. As usual please backup your sites and perform adequate tests before updating your production sites.
Downloads of Joomla! 1.6.1 can be found at the official announcement page.
Here is the list of security issues got patched in this release:
- Moderate Priority - Core - SQL Injection / Internal Path Disclosure: Inadequate filtering of request variables causes database errors.
- Moderate Priority - Core - Path Disclosure: Uncaught exception causes full path disclosure.
- Moderate Priority - Core - XSS Vulnerabilities: Inadequate checking for double URI encoding leads to XSS vulnerabilities.
- Moderate Priority - Core - XSS Vulnerabilities: Inadequate filtering causes XSS vulnerabilities.
- Low Priority - Core - Information Disclosure: Inadequate access checking leads to information disclosure.
- Moderate Priority - Core - Redirect Vulnerabilities: Inadequate checking of redirect URL's.
- Moderate Priority - Core - Information Disclosure: Inadequate filtering causes information disclosure.
- Low Priority - Core - Unauthorised Access: Inadequate control of which files can be edited by authenticated users.
- Moderate Priority - Core - CSRF Vulnerabilities: Inadequate token checking causes cross site request forgery vulnerability.
- Moderate Priority - Core - DOS Vulnerabilities: Editor caching can result in disk space denial of service.
- Moderate Priority - Core - XSS Vulnerabilities: Inadequate filtering causes XSS vulnerabilities.
- Moderate Priority - Core - CSRF Vulnerabilities: Inadequate token checking leads to cross-site request forgery vulnerability.