Revisions of joomla
Lars Vogdt (lrupp)
accepted
request 1038626
from
Adrian Schröter (adrianSuSE)
(revision 35)
- update to 3.10.11 * Fixes for migration to version 4 - drop reference to google font server in default theme to be in sync with DSGVO regulation
Lars Vogdt (lrupp)
accepted
request 962601
from
Adrian Schröter (adrianSuSE)
(revision 34)
- Update to 3.10.6 * Should be used to prepare upgrade to joomla4 package
Lars Vogdt (lrupp)
committed
(revision 33)
fix version
Lars Vogdt (lrupp)
committed
(revision 32)
- Update to 3.10.5 * Privacy requests and confirmation can now be made by logged-in users only (#35470) * Improve the message for the backups to specifically include the 'filesystem' and the 'database' (#36494) * Fix an regression with the Progressive caching to cache modules per custom menu assignment (#36324) * Update simplepie to 1.3.3 (#36358) * PHP 8.1 compatibility patches (#36083, #35485) Please note if you show 'all errors' there could be deprication notices on some pages. * Update cacert.pem as of: Tue Oct 26 03:12:05 2021 GMT (#35955) * Fix wrong input filter type for extension names of site and admin languages in the extensions installer (#35980) * Fix tinymce issues when resorting happens (#34808) * Fix an calendar error with IE11 (#35819) * Update the cacert file (#35785) * Improve the loading of tags on the contacts component (#35764)
Lars Vogdt (lrupp)
committed
(revision 31)
use correct version
Lars Vogdt (lrupp)
committed
(revision 30)
- Update to 3.10.2 * Fix misleading "Update Required" in the pre-update checker #35510 * Fix javascript error for pre-update checker #35481 * Change text when com_joomlaupdate update available #35373 * fix language string case message for old sts settings
Lars Vogdt (lrupp)
accepted
request 913357
from
Adrian Schröter (adrianSuSE)
(revision 29)
- Update to 3.10.0 - Pre-Requirement for a joomla 4.x update!
Lars Vogdt (lrupp)
committed
(revision 28)
- Update to 3.9.28 Security Issues Fixed * Low Severity - Low Impact - XSS in JForm Rules field * Low Severity - Low Impact - DoS through usergroup table manipulation * Low Severity - Moderate Impact - Lack of enforced session termination * Low Severity - High Impact - Privilege escalation through com_installer * Low Severity - Moderate Impact - XSS in com_media imagelist Bug fixes and Improvements * Update CA certificates #34693 * Smart Search: Fix inserting tokens to DB #34497 * Fix search suggestions for mixed-case searches #33942
Lars Vogdt (lrupp)
committed
(revision 27)
- Update to 3.9.27 Security Issues Fixed * Low Severity - Low Impact - Adding HTML to the executable block list of MediaHelper::canUpload * Low Severity - Low Impact - CSRF in AJAX reordering endpoint * Low Severity - Low Impact - CSRF in data download endpoints Bug fixes and Improvements * Disable FLoC by default #33212 * Postgres compatibility fixes for smart search #31809 * Allow objects stored in tables as json #33633 * Improve indexing performance of Smart Search #33720 * Addional PHP 8 improvment #33113
Dirk Stoecker (dstoecker)
accepted
request 886424
from
Adrian Schröter (adrianSuSE)
(revision 26)
- Update to 3.9.26 Security Issues Fixed * Low Severity - Low Impact - Escape xss in logo parameter error pages * Low Severity - Low Impact - Inadequate filters on module layout settings Bug fixes and Improvements * Fix caching issues after rebuilding update sites #33040 * Allow to configure load balancer/reverse proxy setting #32866 * Fix loosing extra query parameter for update sites #32862 * MySQL and MariaDB compatibility fixes #32605 * Fix frontend create article permission #32470 * Update CodeMirror to 5.60.0 #32926 * Addional PHP 8 improvment #32767
Lars Vogdt (lrupp)
committed
(revision 25)
- Update to 3.9.25 Security Issues Fixed (CVE-2021-23126, CVE-2021-23127, CVE-2021-23128, CVE-2021-23129, CVE-2021-23130, CVE-2021-23132, CVE-2021-26027, CVE-2021-26029) + Insecure randomness within 2FA secret generation + Potential Insecure FOFEncryptRandval + XSS within alert messages showed to users + XSS within the feed parser library + Input validation within the template manager + com_media allowed paths that are not intended for image uploads + ACL violation within com_content frontend editing + Path Traversal within joomla/archive zip class + Inadequate filtering of form contents could allow to overwrite the author field Bug fixes and Improvements + Fix Save as Copy tag #32454 + Fix published attribute for Tag field #32332 + Fix batch menu items #32380 + Stream transport should enable verify_peer_name when possible #16501 + Optimize the code for rename incorrectly cased files on update #32176 + Addional PHP 8 improvments #31977 #32374 Security Issues Fixed (CVE-2021-23123, CVE-2021-23124 and CVE-2021-23125) * Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) More information » * Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) More information » * Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) More information »
Lars Vogdt (lrupp)
accepted
request 874772
from
Adrian Schröter (adrianSuSE)
(revision 24)
- update to 3.9.24 Security Issues Fixed * Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) More information » * Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) More information » * Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) More information » Bug fixes and Improvements * Continuing to improve PHP 8 support #31628 #31537 #31536 #30921 * Solved performance issue with zip archives containing zip files #31514 * Removes deprecate feature-policy and adds the new Permissions Policy #30819 * Update joomla/image dependency #31663 * Fixed regression SMTP Settings Test #31724 * Fixed regression to save empty passwords in global configuration #31672
Arjen de Korte (adkorte)
accepted
request 854340
from
Arjen de Korte (adkorte)
(revision 23)
- Update source download link and remove _service file (run 'osc service runall download_files' to download - Use correct version number - Use system apache rpm macros
Lars Vogdt (lrupp)
committed
(revision 22)
- Update to 3.9.23 Security Issues Fixed + Low Priority - High Impact - com_finder ignores access levels on autosuggest + Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page + Low Priority - Moderate Impact - Path traversal in mod_random_image + Low Priority - High Impact - SQL injection in com_users list view + Low Priority - Low Impact - User Enumeration in backend login + Low Priority - Low Impact - CSRF in com_privacy emailexport feature + Low Priority - High Impact - Write ACL violation in multiple core views Bug fixes and Improvements In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility (see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445). + TinyMCE updated #30329 + Fix for frontend module editing permissions #30778 + Fix for the lost of transparency when cropping/resizing images #30977 + Validation rule added for the redirect header field #31016
Lars Vogdt (lrupp)
committed
(revision 21)
- Update to 3.9.22 Bug fixes and Improvements + Contact component: Fix for the category filter results #30413 + Page Break: Fix for the page break title when the title attribute is after the class #30519 + Privacy Request: Fix the token check when removing data via a privacy removal request #30479 + Multilanguage: Display an error when the URL language code is saved as empty #30496 + Multilanguage: Force lowercase for url language code #30485
Lars Vogdt (lrupp)
committed
(revision 20)
- Update to 3.9.21 Security Issues Fixed + Low Priority - Core - XSS in mod_latestactions + Low Priority - Core - Open redirect in com_content vote feature + Low Priority - Core - Directory traversal in com_media Bug fixes and Improvements + TinyMCE updated #30329 + CodeMirror updated #30370 + Upload Package File / Joomla Update : Upload file size check added #30190 #29895 + Actions Log: Log an event when Joomla is updated #30157
Lars Vogdt (lrupp)
committed
(revision 19)
- Update to 3.9.20 Security Issues Fixed + Low Priority - Core - CSRF in com_installer ajax_install endpoint + Moderate Priority - Core - Missing checks can lead to a broken usergroups table record + Low Priority - Core - CSRF in com_privacy remove-request feature + Low Priority - Core - Variable tampering via user table class + Low Priority - Core - Escape mod_random_image link + Low Priority - Core - System Information screen could expose redis or proxy credentials Bug fixes and Improvements + Upload & Update tab of Joomla Update Component: Fix to allow upload of ZIP filetype only #29877 + Local database server: Allow optional port numbers #29567 + Beez3 Template: Markup fix for the Tabs layout of com_contact #29636 + Beez3 Template: Allow custom field editing on frontend #29577 + Backend cache cleared when purging updates #29603
Lars Vogdt (lrupp)
committed
(revision 18)
- Update to 3.9.19 Security Issues Fixed * Low Priority - Core - XSS in modules heading tag option * Low Priority - Core - Inconsistent default textfilter settings * Low Priority - Core - XSS in com_modules tag options * Moderate Priority - Core - XSS in jQuery.htmlPrefilter * Low Priority - Core - CSRF in com_postinstall Bug fixes and Improvements * Fix incomplete utf8mb4 conversion since 3.9.17 #29117 * Backport jQuery 3.5 security fixes #28948 * Frontend: Removal of the create/edit menu item buttons #29191 * Extend the checks to make sure only real user admins can create accounts #28948 * Mail: Support of dotless domains #28576 * Codemirror updated to its latest release #28691 * Improve translation system supporting better pluralization for languages like Welsh #28763
Lars Vogdt (lrupp)
committed
(revision 17)
- Update to 3.9.18 Bug fixes and Improvements + Fixes the single tag view incorrectly showing a 404 page #28746 - Update to 3.9.16 - Update to 3.9.15 - Update to 3.9.14 - Update to 3.9.13 - Update to 3.9.12 - Update to 3.9.11 - Update to 3.9.10 + Low Priority - Core - ACL hardening of com_joomlaUpdate - Update to 3.9.6 - Update to 3.9.5 - Update to 3.9.4 - Update to 3.9.3 - Update to 3.9.2 - Update to 3.9.1 - Update to 3.9.0 - Update to 3.8.13 * Low Priority - Core - Inadequate default access level for com_joomlaUpdate - Update to 3.8.12 - Update to 3.8.12 - Update to 3.8.11 - Update to 3.8.10 * CodeMirror Updated to 5.38.0 #20636 - Update to 3.8.8 - Update to 3.8.7 * CodeMirror editor Updated to 5.35.0 #19809 - Update to 3.8.6 - Update to 3.8.5
Lars Vogdt (lrupp)
committed
(revision 16)
- update to 3.9.16 Security Issues Fixed + Low Priority - Core - SQL injection in Featured Articles menu parameters + Low Priority - Core - CSRF in com_templates image actions + Low Priority - Core - XSS in Protostar and Beez3 + Low Priority - Core - Incorrect Access Control in com_templates + Low Priority - Core - Identifier collisions in com_users + Low Priority - Core - Incorrect Access Control in com_fields SQL field Bug fixes and Improvements + Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ and ‘ugc’ attributes #28055 + Fields - Imagelist: Correct the display of the folder structure #16708 + Popular Tags Module fix #27745 + User - Contact Creator plugin: catid fixed #27949
Displaying revisions 1 - 20 of 35