Today (June 3) a new Joomla! release was announced. This new version, Joomla! 1.5.11 [Vea], is a security release. Users of previous versions are encouraged to upgrade as soon as possible.
Two moderate-level and one low-level security issues are fixed in this release.
- Moderate Priority: Core - A XSS vulnerability exists in the user view of com_users in the administrator panel.
- Moderate Priority: Core - A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.
- Low Priority: Core - Some values were output from the database without being properly escaped which may allow XSS exploits.
In addition to those security issues, it also patches up bugs in components, modules, templates, language, administrator and system.
As always, please head for the official announcement page for details and downloads.