Joomla! 1.5.13 Security Release
- Written by: Kochin
- Category: Joomla!
Security release Joomla! 1.5.13 [Wojmamni ama baji] has been released. All previous versions of Joomla! 1.5.x should be upgraded immediately. If you have modified core template overrides, please be sure to back them up before upgrading.
This release contains 26 bug fixes, two moderate-level security fixes and one high-level security fix. The security issues fixed in this release are:
- High Priority: Core - File upload: Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.
- Moderate Priority: Core - XSS: Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.
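One way to audit a site tree for the missing JEXEC check listed above, as an added example that is not code from the Joomla! Project or from this post: it flags PHP files whose first statement is not the `defined('_JEXEC') or die` guard. The function names and the sample files are constructed for illustration, and only the `defined(...) or die` form of the guard is recognised.

```python
import os
import re
import tempfile

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def guard_status(source, constant="_JEXEC"):
    """Classify PHP source as 'guarded', 'entry', 'unguarded' or 'no-php'."""
    start = source.find("<?php")
    if start < 0:
        return "no-php"
    code = COMMENTS.sub("", source[start + 5:]).lstrip()
    c = re.escape(constant)
    # Entry points (index.php) define the constant instead of testing it.
    if re.search(r"\bdefine\s*\(\s*['\"]%s['\"]" % c, code):
        return "entry"
    guard = r"defined\s*\(\s*['\"]%s['\"]\s*\)\s*or\s+(die|exit)\b" % c
    # The guard only protects the file if it is the first statement run.
    return "guarded" if re.match(guard, code, re.I) else "unguarded"

def scan(root, constant="_JEXEC"):
    """Return sorted relative paths of .php files under root lacking the guard."""
    missing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if guard_status(fh.read(), constant) == "unguarded":
                    missing.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(missing)

def demo():
    """Scan a small constructed tree (sample files, not Joomla! code)."""
    samples = {
        "index.php": "<?php\ndefine('_JEXEC', 1);\nrequire 'includes/app.php';\n",
        "includes/app.php": "<?php\n// no direct access\ndefined('_JEXEC') or die('Restricted access');\n$x = 1;\n",
        "plugins/helper.php": "<?php\n/* helper */\nrequire_once JPATH_BASE . '/lib.php';\n",
        "templates/late.php": "<?php\ninclude 'config.php';\ndefined('_JEXEC') or die;\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Files reported by `scan()` still need a manual look: some are legitimately reachable entry points, and others may use a differently worded guard.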
Joomla! 1.5.12 final
- Written by: Kochin
- Category: Joomla!
One week after the call for help testing Joomla! 1.5.12 RC, the Joomla! Project released the final version of Joomla! 1.5.12 [Wojmamni Ama Woi]. (The codename Wojmamni Ama Woi comes from the Yaqui language spoken by aboriginals in America. It means the number 12.) This release contains a number of bug fixes and three moderate-level security fixes.
Here are the security fixes included in this version:
- Moderate Priority - Core - Frontend XSS. An attacker can inject JavaScript into a URL to be executed in a user's browser.
- Moderate Priority - Core - Missing JEXEC check. Scripts may expose internal path information.
- Moderate Priority - Core - Frontend XSS. HTTP_REFERER is not properly parsed which may allow code injection.
A couple of important changes make this release an important milestone for the Joomla! Project. First, the upgrade of the PEAR library to the new BSD-licensed version brings the codebase into full compliance with the GPL. In addition, this release contains an important upgrade to TinyMCE v 3.2.4.1.
See the full list of changes at the Joomla! 1.5.12 Released page. Full and upgrade release packages can be downloaded there.
Help testing Joomla! 1.5.12
- Written by: Kochin
- Category: Joomla!
The Joomla! Project is asking for help in testing the upcoming Joomla! 1.5.12. They recently (6/24) released the Joomla! 1.5.12 Release Candidate. This version contains 22 bug fixes as well as two major feature updates. The project development team feels that those changes are significant enough to warrant extra community testing.
One of the major updates is the upgrade of TinyMCE. Joomla! 1.5.x has been using the older version 2 for a long while. Joomla! 1.5.12 will employ the latest TinyMCE version 3. Because there are quite a few changes from the earlier version, more tests are needed to ensure that it works properly with Joomla!.
The other major update that requires extra testing concerns the PHPMailer class. Changes were made to the framework PHPMailer class in order to allow secure connections (SSL/TLS) to SMTP servers. Given these changes, Joomla! is now able to use services such as Gmail to handle e-mail from the application.
You should first verify that normal email functions are working as before, then test using your Gmail account. Use the following options in Global Configuration -> Server for your tests:
- Mailer: SMTP Server
- SMTP Authentication: Yes
- SMTP Username: Your Gmail username
- SMTP Password: Your Gmail password
- SMTP Host: tls://smtp.gmail.com:465
Please download Joomla! 1.5.12.RC at its announcement page. Any feedback regarding your testing results can be submitted as comments on that page.
Because this is a release candidate, please don't use it on a live production site.
Joomla! 1.5.11 Security Release
- Written by: Kochin
- Category: Joomla!
Today (June 3) a new Joomla! release was announced. This new version, Joomla! 1.5.11 [Vea], is a security release. Users of previous versions are encouraged to upgrade as soon as possible.
Two moderate-level and one low-level security issues are fixed in this release.
- Moderate Priority: Core - An XSS vulnerability exists in the user view of com_users in the administrator panel.
- Moderate Priority: Core - An XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.
- Low Priority: Core - Some values were output from the database without being properly escaped which may allow XSS exploits.
In addition to those security issues, it also patches up bugs in components, modules, templates, language, administrator and system.
As always, please head for the official announcement page for details and downloads.
Joomla! Site Showcase
- Written by: Kochin
- Category: Joomla!
If you are new to Joomla!, you probably are wondering how Joomla! can be used to build a Web site. Even for a Joomla! veteran, sometimes it helps to get inspiration from other people's work.
The Joomla! Community has started a showcase for Joomla! users and friends to register sites built with Joomla! by themselves or found on the Web. Sites are grouped into various categories so that it's easy to find a site similar to the one you have in mind. Studying those Joomla! sites can help you see how different components and modules fit together and what works well in a specific situation.
So why don't you go to Joomla! Community Showcase now and browse around? You might find some sites worth visiting.