In quick succession Joomla! Development Team released Joomla! 1.5.19 and 1.5.20. Version 1.5.19 is supposed to fix some security issues and adds a Mootools 1.2.4 upgrade plugin. However, for some unknown reasons, those security fixes were not included in version 1.5.19. Thus Joomla! Team re-released it, and bumped the version number to 1.5.20.
According to information collected on the official web site, version 1.5.20 contains no new features or bug fixes beyond version 1.5.19. It was released to remedy pacakaging problems introduced in 1.5.19.
The security fixes included in 1.5.19 (supposedly) and 1.5.20 (actually) are
- 1 Low Priority - Core - SQL Injection / Interal Path Exposure: Back-end user can create MySQL error which shows internal path information in the error message.
- 3 Medium Priority - Core - XSS Vulnerabilities in back end: Back-end user can inject Javascript in various administrator screens.
The other significant addition to version 1.5.19 is the Mootools 1.2.4 Upgrade Plugin. It was described in our earlier article, Mootools 1.2 in Joomla! 1.5.
For more details please read official announcements for 1.5.19 and 1.5.20.