Security release Joomla! 1.5.13 [Wojmamni ama baji] has been released. All previous versions of Joomla! 1.5.x should be upgraded immediately. If you have modified core template overrides, please be sure to back them up before upgrading.
This release contains 26 bug fixes, two moderate-level security fixes and one high-level security fix. The security issues fixed in this release are:
- High Priority: Core - File upload: Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.
- Moderate Priority: Core -XSS: Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.
Other bug fixes spread among components, plugins and language. Please see the official announcement for details and downloads.