File joomla.changes of Package joomla
-------------------------------------------------------------------
Sat Dec 23 09:03:32 UTC 2023 - Adrian Schröter <adrian@suse.de>

- update to 3.10.12

-------------------------------------------------------------------
Tue Oct 25 07:19:05 UTC 2022 - Adrian Schröter <adrian@suse.de>

- update to 3.10.11
  * Fixes for migration to version 4

-------------------------------------------------------------------
Tue Oct 25 07:13:59 UTC 2022 - Adrian Schröter <adrian@suse.de>

- drop reference to google font server in default theme to be in sync with DSGVO regulation

-------------------------------------------------------------------
Fri Mar 18 06:55:13 UTC 2022 - Adrian Schröter <adrian@suse.de>

- Update to 3.10.6
  * Should be used to prepare upgrade to joomla4 package

-------------------------------------------------------------------
Mon Feb 7 08:17:16 UTC 2022 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.10.5
  * Privacy requests and confirmation can now be made by logged-in users only (#35470)
  * Improve the message for the backups to specifically include the 'filesystem' and the 'database' (#36494)
  * Fix a regression with the Progressive caching to cache modules per custom menu assignment (#36324)
  * Update simplepie to 1.3.3 (#36358)
  * PHP 8.1 compatibility patches (#36083, #35485)
    Please note if you show 'all errors' there could be deprecation notices on some pages.
  * Update cacert.pem as of: Tue Oct 26 03:12:05 2021 GMT (#35955)
  * Fix wrong input filter type for extension names of site and admin languages in the extensions installer (#35980)
  * Fix tinymce issues when resorting happens (#34808)
  * Fix a calendar error with IE11 (#35819)
  * Update the cacert file (#35785)
  * Improve the loading of tags on the contacts component (#35764)

-------------------------------------------------------------------
Mon Sep 20 17:09:08 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.10.2
  * Fix misleading "Update Required" in the pre-update checker #35510
  * Fix javascript error for pre-update checker #35481
  * Change text when com_joomlaupdate update available #35373
  * fix language string case message for old sts settings

-------------------------------------------------------------------
Fri Aug 20 13:23:03 UTC 2021 - Adrian Schröter <adrian@suse.de>

- Update to 3.10.0 - Pre-Requirement for a joomla 4.x update!

-------------------------------------------------------------------
Mon Jul 19 07:47:42 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.9.28
  Security Issues Fixed
  * Low Severity - Low Impact - XSS in JForm Rules field
  * Low Severity - Low Impact - DoS through usergroup table manipulation
  * Low Severity - Moderate Impact - Lack of enforced session termination
  * Low Severity - High Impact - Privilege escalation through com_installer
  * Low Severity - Moderate Impact - XSS in com_media imagelist
  Bug fixes and Improvements
  * Update CA certificates #34693
  * Smart Search: Fix inserting tokens to DB #34497
  * Fix search suggestions for mixed-case searches #33942

-------------------------------------------------------------------
Wed Jun 2 13:39:42 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.9.27
  Security Issues Fixed
  * Low Severity - Low Impact - Adding HTML to the executable block list of MediaHelper::canUpload
  * Low Severity - Low Impact - CSRF in AJAX reordering endpoint
  * Low Severity - Low Impact - CSRF in data download endpoints
  Bug fixes and Improvements
  * Disable FLoC by default #33212
  * Postgres compatibility fixes for smart search #31809
  * Allow objects stored in tables as json #33633
  * Improve indexing performance of Smart Search #33720
  * Additional PHP 8 improvement #33113

-------------------------------------------------------------------
Sun Apr 18 07:02:42 UTC 2021 - Adrian Schröter <adrian@suse.de>

- Update to 3.9.26
  Security Issues Fixed
  * Low Severity - Low Impact - Escape xss in logo parameter error pages
  * Low Severity - Low Impact - Inadequate filters on module layout settings
  Bug fixes and Improvements
  * Fix caching issues after rebuilding update sites #33040
  * Allow to configure load balancer/reverse proxy setting #32866
  * Fix losing extra query parameter for update sites #32862
  * MySQL and MariaDB compatibility fixes #32605
  * Fix frontend create article permission #32470
  * Update CodeMirror to 5.60.0 #32926
  * Additional PHP 8 improvement #32767

-------------------------------------------------------------------
Wed Mar 3 15:46:34 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.9.25
  Security Issues Fixed (CVE-2021-23126, CVE-2021-23127, CVE-2021-23128, CVE-2021-23129, CVE-2021-23130, CVE-2021-23132, CVE-2021-26027, CVE-2021-26029)
  + Insecure randomness within 2FA secret generation
  + Potential Insecure FOFEncryptRandval
  + XSS within alert messages shown to users
  + XSS within the feed parser library
  + Input validation within the template manager
  + com_media allowed paths that are not intended for image uploads
  + ACL violation within com_content frontend editing
  + Path Traversal within joomla/archive zip class
  + Inadequate filtering of form contents could allow to overwrite the author field
  Bug fixes and Improvements
  + Fix Save as Copy tag #32454
  + Fix published attribute for Tag field #32332
  + Fix batch menu items #32380
  + Stream transport should enable verify_peer_name when possible #16501
  + Optimize the code for rename incorrectly cased files on update #32176
  + Additional PHP 8 improvements #31977 #32374

-------------------------------------------------------------------
Wed Feb 24 07:44:41 UTC 2021 - Adrian Schröter <adrian@suse.de>

- update to 3.9.24
  Security Issues Fixed (CVE-2021-23123, CVE-2021-23124 and CVE-2021-23125)
  * Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) More information »
  * Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) More information »
  * Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) More information »
  Bug fixes and Improvements
  * Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
  * Solved performance issue with zip archives containing zip files #31514
  * Removes deprecated feature-policy and adds the new Permissions Policy #30819
  * Update joomla/image dependency #31663
  * Fixed regression SMTP Settings Test #31724
  * Fixed regression to save empty passwords in global configuration #31672

-------------------------------------------------------------------
Wed Dec 9 19:15:54 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>

- Update source download link and remove _service file (run 'osc service runall download_files' to download
- Use correct version number
- Use system apache rpm macros

-------------------------------------------------------------------
Mon Nov 30 19:04:22 UTC 2020 - lars@linux-schulserver.de - 3.9.23

- Update to 3.9.23
  Security Issues Fixed
  + Low Priority - High Impact - com_finder ignores access levels on autosuggest
  + Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page
  + Low Priority - Moderate Impact - Path traversal in mod_random_image
  + Low Priority - High Impact - SQL injection in com_users list view
  + Low Priority - Low Impact - User Enumeration in backend login
  + Low Priority - Low Impact - CSRF in com_privacy emailexport feature
  + Low Priority - High Impact - Write ACL violation in multiple core views
  Bug fixes and Improvements
  In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility (see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445).
  + TinyMCE updated #30329
  + Fix for frontend module editing permissions #30778
  + Fix for the loss of transparency when cropping/resizing images #30977
  + Validation rule added for the redirect header field #31016

-------------------------------------------------------------------
Thu Oct 15 16:02:44 UTC 2020 - lars@linux-schulserver.de - 3.9.22

- Update to 3.9.22
  Bug fixes and Improvements
  + Contact component: Fix for the category filter results #30413
  + Page Break: Fix for the page break title when the title attribute is after the class #30519
  + Privacy Request: Fix the token check when removing data via a privacy removal request #30479
  + Multilanguage: Display an error when the URL language code is saved as empty #30496
  + Multilanguage: Force lowercase for url language code #30485

-------------------------------------------------------------------
Sun Aug 30 11:37:09 UTC 2020 - lars@linux-schulserver.de - 3.9.21

- Update to 3.9.21
  Security Issues Fixed
  + Low Priority - Core - XSS in mod_latestactions
  + Low Priority - Core - Open redirect in com_content vote feature
  + Low Priority - Core - Directory traversal in com_media
  Bug fixes and Improvements
  + TinyMCE updated #30329
  + CodeMirror updated #30370
  + Upload Package File / Joomla Update : Upload file size check added #30190 #29895
  + Actions Log: Log an event when Joomla is updated #30157

-------------------------------------------------------------------
Wed Jul 15 07:46:09 UTC 2020 - lars@linux-schulserver.de - 3.9.20

- Update to 3.9.20
  Security Issues Fixed
  + Low Priority - Core - CSRF in com_installer ajax_install endpoint
  + Moderate Priority - Core - Missing checks can lead to a broken usergroups table record
  + Low Priority - Core - CSRF in com_privacy remove-request feature
  + Low Priority - Core - Variable tampering via user table class
  + Low Priority - Core - Escape mod_random_image link
  + Low Priority - Core - System Information screen could expose redis or proxy credentials
  Bug fixes and Improvements
  + Upload & Update tab of Joomla Update Component: Fix to allow upload of ZIP filetype only #29877
  + Local database server: Allow optional port numbers #29567
  + Beez3 Template: Markup fix for the Tabs layout of com_contact #29636
  + Beez3 Template: Allow custom field editing on frontend #29577
  + Backend cache cleared when purging updates #29603

-------------------------------------------------------------------
Wed Jun 3 15:13:27 UTC 2020 - lars@linux-schulserver.de - 3.9.19

- Update to 3.9.19
  Security Issues Fixed
  * Low Priority - Core - XSS in modules heading tag option
  * Low Priority - Core - Inconsistent default textfilter settings
  * Low Priority - Core - XSS in com_modules tag options
  * Moderate Priority - Core - XSS in jQuery.htmlPrefilter
  * Low Priority - Core - CSRF in com_postinstall
  Bug fixes and Improvements
  * Fix incomplete utf8mb4 conversion since 3.9.17 #29117
  * Backport jQuery 3.5 security fixes #28948
  * Frontend: Removal of the create/edit menu item buttons #29191
  * Extend the checks to make sure only real user admins can create accounts #28948
  * Mail: Support of dotless domains #28576
  * Codemirror updated to its latest release #28691
  * Improve translation system supporting better pluralization for languages like Welsh #28763

-------------------------------------------------------------------
Thu Apr 23 13:09:42 UTC 2020 - lars@linux-schulserver.de - 3.9.18

- Update to 3.9.18
  Bug fixes and Improvements
  + Fixes the single tag view incorrectly showing a 404 page #28746

-------------------------------------------------------------------
Wed Mar 11 19:59:17 UTC 2020 - lars@linux-schulserver.de - 3.9.16

- Update to 3.9.16
  Security Issues Fixed
  + Low Priority - Core - SQL injection in Featured Articles menu parameters
  + Low Priority - Core - CSRF in com_templates image actions
  + Low Priority - Core - XSS in Protostar and Beez3
  + Low Priority - Core - Incorrect Access Control in com_templates
  + Low Priority - Core - Identifier collisions in com_users
  + Low Priority - Core - Incorrect Access Control in com_fields SQL field
  Bug fixes and Improvements
  + Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ and ‘ugc’ attributes #28055
  + Fields - Imagelist: Correct the display of the folder structure #16708
  + Popular Tags Module fix #27745
  + User - Contact Creator plugin: catid fixed #27949

-------------------------------------------------------------------
Wed Jan 29 16:29:57 UTC 2020 - lars@linux-schulserver.de - 3.9.15

- Update to 3.9.15
  Security Issues Fixed
  + Low Priority - Core - CSRF in batch actions
  + Low Priority - Core - CSRF com_templates LESS compiler
  + Low Priority - Core - XSS in com_actionlogs
  Bug fixes and Improvements
  + Beez Template: Fix the consent field modal #23205
  + Action Log emails: Use of absolute URLs #27432
  + TinyMCE fixes: #27498 #27519
  + User email addresses: Case insensitive management #24117
  + Prevent library extensions to overwrite core files #27300

-------------------------------------------------------------------
Wed Dec 18 18:23:03 UTC 2019 - lars@linux-schulserver.de - 3.9.14

- Update to 3.9.14
  Security Issues Fixed
  + Low Priority - Core - Path Disclosure in framework files
  + Low Priority - Core - Various SQL injections through configuration parameters
  Bug fixes and Improvements
  + Improve PHP 7.4 compatibility #27190 #27219
  + Fix incorrect id generated for input fields in repeatable subform #27081
  + Fix Sample Data Learn #27100 #27101 #27102
  + Allow JSON Document caching #27161
  + Avoid errors when Joomla! gets outdated #27197
  + Show full video filename and preview icon in Media Manager #27230

-------------------------------------------------------------------
Wed Nov 6 15:41:24 UTC 2019 - lars@linux-schulserver.de - 3.9.13

- Update to 3.9.13
  Security Issues Fixed
  + Low Priority - Core - CSRF in com_template overrides view
  + Low Priority - Core - Path Disclosure in phpuft8 mapping files
  Bug fixes and Improvements
  + Improve PHP 7.4 compatibility #25801 #25782 #26615 #26865
  + Improve reverse proxy support #25520
  + Fix active category detection #26330
  + Fix message filtering #26065
  + Improve sending mass mail #26844
- following new php.ini recommendations in apache config:
  + adjusted max file sizes (upload/post) from 16M to 20M
  + setting PHP script max_execution_time to 300

-------------------------------------------------------------------
Wed Sep 25 18:05:37 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.9.12
  Security Issues Fixed
  + Low Priority - Core - XSS in logo parameter of default templates
  Bug fixes and Improvements
  + Fix for minyear and maxyear in the calendar #26119
  + Handle Google Font weights and styles in Protostar #25976
  + Fix user session on mssql server #23213
  + Protect SQL servers by adding pause mechanism to cli finder indexer #13502
  + Fix Imagelist custom field default image #26352

-------------------------------------------------------------------
Wed Aug 14 16:22:50 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.9.11
  Security Issues Fixed
  + Low Priority - Core - Hardening com_contact contact form
  Bug fixes and Improvements
  + Custom Fields: Fix language strings/unknown columns/sorting #25476
  + Creating categories on the fly with numbers #25024
  + Fix database schema checker for MySQL 8 #25658
  + Tree sorting in templates file tree #25792
  + Improved PHP 7.4 compatibility #25784

-------------------------------------------------------------------
Wed Jul 10 16:21:02 UTC 2019 - lars@linux-schulserver.de - 3.9.10

- Update to 3.9.10
  Security Issues Fixed
  + Low Priority - Core - CSV injection in com_actionlogs
  + Low Priority - Core - XSS in subform field
  + Low Priority - Core - ACL hardening of com_joomlaUpdate
  + Low Priority - Core - Filter attribute in subform fields allows remote code execution
  Bug fixes and Improvements
  + Repeatable Custom Fields: fix to keep HTML tags #25189
  + Media Manager: Modal layout improved #22475
  + Voting: Cache cleaned after voting #25201
  + Article ordering: Items grouped by category first #25295
  + Batch system: Improvements for Contact and Newsfeed #25259
  + Batch system: Copy permissions of modules #24737 and categories #24730
  + Progressive cache improvements #20310
  + Fix to avoid duplicated custom fields in com_content #24516
  + RTL improvements #23107 #24722
  + Removal of the unofficial French Help Server #24927
  + TinyMCE improvements: #24978 #25037
  + RSS: Fix to display the right category #24932
  + Media Manager: Fix directory traversal for symlinked folders #24924
  + User registration: Correct http schema used #24089

-------------------------------------------------------------------
Fri May 17 07:46:25 UTC 2019 - lars@linux-schulserver.de - 3.9.6

- Update to 3.9.6
  * Security Issues Fixed
    + Low Priority - Core - XSS in com_users ACL debug views (affecting Joomla 1.7.0 through 3.9.5)
    + Low Priority - Core - By-passing protection of Phar Stream Wrapper Interceptor (affecting Joomla 3.9.3 through 3.9.5)
  * Bug fixes and Improvements
    + Media Manager: Fix logic in file upload check introduced in 3.9.5 #24637
    + Edge Chromium support added #24379
    + User Notes: Fix date format #24529
    + Frontend editing: article category editable by Publishers and up #24640
    + Cache: Cache folder automatically created if it doesn’t exist #21952
    + PostgreSQL database improvements #24682 #24683 #24652

-------------------------------------------------------------------
Sat Apr 13 17:03:28 UTC 2019 - Adrian Schröter <adrian@suse.de>

- Update to 3.9.5
  * Security Issues Fixed
    + High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4)
    + Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4)
    + Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4)
  * Bug fixes and Improvements
    + User Password: Add minimum lowercase rule for password validation #24230
    + Associations tab: Fix wrong behaviour of Indonesian language #24244
    + Debug language: Fix User Actions Log Manager #24178
    + New installation language: Kazakh #24233
    + Google Authenticator plugin (2FA): QR-code generator implemented #24255

-------------------------------------------------------------------
Tue Mar 19 13:44:54 UTC 2019 - Adrian Schröter <adrian@suse.de>

- Update to 3.9.4
  Security Issues Fixed
  + High Priority - Core - Missing ACL check in sample data plugins
  + Low Priority - Core - XSS in com_config JSON handler
  + Low Priority - Core - XSS in item_title layout
  + Low Priority - Core - XSS in media form field
  Bug fixes and Improvements
  + User Terms (#23787) and Privacy Consent (#23660) plugins
  + Featured articles: Page subheading added #23583
  + Custom formfield layout paths simplified #22645
  + Com_contact: Contact name field moved out of the Contact Information block #23563
  + Custom module: Improvement of the frontend editing #23741
  + Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged

-------------------------------------------------------------------
Fri Feb 15 13:57:06 UTC 2019 - lars@linux-schulserver.de

- Update to 3.9.3
  Security Issues Fixed
  + Lack of URL filtering in various core components
  + Browserside mime-type sniffing causes XSS attack vectors
  + Additional warning in the Global Configuration textfilter settings
  + Stored XSS issue in the Global Configuration help url #2
  + XSS Issue in core.js writeDynaList
  + Implement the TYPO3 PHAR stream wrapper
  Bug fixes and Improvements
  + Prevent renaming/deleting the template index.php file #23654
  + Smart Search improvement #23736
  + Contacts banned fields removed #23585
  + Improvement of the Integration tab display #23711
  + Fix the category filter for featured articles #23454
  + Fix for the Template Style field in the menu manager #23556
  + Breadcrumbs for tags #23599

-------------------------------------------------------------------
Thu Jan 17 14:44:49 UTC 2019 - lars@linux-schulserver.de

- Update to 3.9.2
  Security Issues Fixed
  + Stored XSS in mod_banners
  + Stored XSS in com_contact
  + Stored XSS issue in the Global Configuration textfilter settings
  + Stored XSS issue in the Global Configuration help url
  Bug fixes and Improvements
  + Fixes for states in com_finder (#23194), com_banners (#23193), com_messages (#23192), com_users notes (#23191)
  + Removal of the Caching field in the languages (#23174), syndicate (#23166), random image (#23165), and login modules (#23152)
  + Editors API extended #23224
  + Menu Item Alias type: Redirection is optional #23278
  + com_media: Normalisation of uploaded file names (#23259)
  + Code cleanup and namespacing

-------------------------------------------------------------------
Mon Dec 24 22:16:10 UTC 2018 - Lars Vogdt <lars@linux-schulserver.de>

- Update to 3.9.1
  + Fix for the automatic title option of the Latest Actions admin module #22925
  + Com_privacy: Redirected to the privacy request form after login #22927
  + Update to TinyMCE 4.5.9 #22879
  + Performance improvement for the category and tag managers #22117
  + Fix for the delete module positions issue #22935
  + Preventing the System Privacy Consent plugin from running when logging out through a menu item #22939
  + Content - Page Break plugin: Possibility to use a template override for Previous/Next pagination #22932
  + Fix navigation to the first page in pagination when SEF is off #23042
  + System - User Actions Log plugin: Removal of the number of days limitation #23084

-------------------------------------------------------------------
Sun Nov 11 11:13:27 UTC 2018 - lars@linux-schulserver.de

- Update to 3.9.0
  + 3.9 introduced the new Privacy Tool Suite by Joomla
  + Add notes to your articles in the backend, and filter them #19134
  + A new search feature in the backend: search for a specific article content #20083
  + Load a module by ID into your article #19362
  + A repeatable custom field is now available #20243
  + Create alternative layouts to fit your needs #18571
  + Display the intro or full image in your newsflash module #20169
  + Show only the articles from a specific author in your latest articles module (#20687), and more options!
  + A new toolbar button to edit associations #21022
  + Propagate existing associations #21321
  + Display your tags per language #19509
  + Use Google Invisible reCAPTCHA on your websites #18146
  + Argon2id Password is now supported #20855

-------------------------------------------------------------------
Thu Oct 11 12:26:12 UTC 2018 - lars@linux-schulserver.de

- Update to 3.8.13
  * Low Priority - Core - Hardening com_contact contact form
  * Low Priority - Core - Inadequate default access level for com_joomlaUpdate
  * Low Priority - Core - Access level Violation in com_tags
  * Low Priority - Core - ACL Violation in com_users for the admin verification
  * Low Priority - Core - CSRF hardening in com_installer

-------------------------------------------------------------------
Wed Sep 12 21:17:36 UTC 2018 - lars@linux-schulserver.de

- Update to 3.8.12
  * Security - Core - Hardening the InputFilter for phar stubs
  * Security - Core - Stored XSS vulnerability in the frontend profile
  * Security - Core - ACL Violation in custom fields
  * mod_articles_latest and mod_articles_news: fix to show featured articles #21336
  * Tags in com_content: fix to display tags when other item info are set to hidden #21275
  * com_tags: All Tags default layout #21031
  * Allows filtering by the archived state in the redirect component #21673

-------------------------------------------------------------------
Thu Aug 30 05:50:57 UTC 2018 - Adrian Schröter <adrian@suse.de>

- Update to 3.8.12
  Security Issues Fixed
  * Low Priority - Core - Hardening the InputFilter for phar stubs (affecting Joomla 1.5.0 through 3.8.11)
  * Low Priority - Core - Stored XSS vulnerability in the frontend profile (affecting Joomla 1.5.0 through 3.8.11)
  * Low Priority - Core - ACL Violation in custom fields (affecting Joomla 3.7.0 through 3.8.11)
  Bug fixes and Improvements
  * mod_articles_latest and mod_articles_news: fix to show featured articles
  * Tags in com_content: fix to display tags when other item info are set to hidden
  * com_tags: All Tags default layout
  * Allows filtering by the archived state in the redirect component

-------------------------------------------------------------------
Mon Aug 6 13:02:41 UTC 2018 - Adrian Schröter <adrian@suse.de>

- Update to 3.8.11
  * Fix for the Missing "Select Type" field in the Extensions Manager #20881
  * Replace the URL parameter "limitstart=0" by "start=0" when SEF is enabled #19452
  * Remove non callable array items from field categories #20093
  * Articles - Category Module: New ‘showon’ attribute for form fields #20950
  * Fix OpenSearch implementation #20937
  * Fix for tag filtering in Featured Articles view in administrator #21138
  * Fix for filtering Featured Articles by access level in administrator #21168
  * Media manager: relative paths for video files #21156
  * Com_menus: removal of useglobal attribute #21095
  * Multilingual Associations Component: fix associations in sidebyside view for contact and newsfeeds #21180

-------------------------------------------------------------------
Mon Jul 23 08:51:59 UTC 2018 - adrian@suse.de

- Update to 3.8.10
  Security Issues Fixed
  * Low Priority - Core - Local File Inclusion with PHP 5.3 (affecting Joomla 2.5.0 through 3.8.8) More information »
  * Low Priority - Core - XSS vulnerability in language switcher module (affecting Joomla 1.6.0 through 3.8.8) More information »
  Bug fixes and Improvements
  * Correctly escape the random image module output #20533
  * Fix folder browsing and file upload that broke in 3.8.8 due to escaping #20586
  * com_mailto (mail to friend) allows the usage of a Captcha by using JForm #20265
  * Tag indexing improvement #13868
  * Fix use of hyphens in data attributes #20579
  * Updates to third party PHP libraries #20583
  * CodeMirror Updated to 5.38.0 #20636

-------------------------------------------------------------------
Thu Jun 21 08:02:12 UTC 2018 - adrian@suse.de

- Update to 3.8.8
  Security fixes:
  * Low Priority - Core - ACL violation in access levels
  * Low Priority - Core - Add phar files to the upload blacklist
  * Moderate Priority - Core - Information Disclosure about unpublished tags
  * Low Priority - Core - Installer leaks plain text password to local user
  * Moderate Priority - Core - XSS Vulnerabilities & additional hardening
  * Low Priority - Core - Filter field in com_fields allows remote code execution
  * Low Priority - Core - Session deletion race condition
  * Low Priority - Core - Possible XSS attack in the redirect method
  * Low Priority - Core - XSS vulnerability in the media manager
  Bug fixes and Improvements
  * Miscellaneous accessibility improvements for the Backend
  * Updated CodeMirror to 5.37 and various improvements #20269 #19833 #12542
  * Improved handling of numeric user group names #20091
  * [com_content] Filter by no author #20245
  * Added support for PHP 7.3’s is_countable function #20441
  * Sending passwords by email disabled by default for new installs #20247

-------------------------------------------------------------------
Mon Apr 23 19:30:39 UTC 2018 - adrian@suse.de

- Update to 3.8.7
  Bugfix release
  * Various backend improvements for multi language websites (admin menus and associations)
  * CodeMirror editor Updated to 5.35.0 #19809
  * Allow absolute or relative URLs for redirects #19942
  * Improved handling of read-only field data in com_fields #20068
  * Highlight all matching text in Smart Search results #20019

-------------------------------------------------------------------
Tue Mar 20 09:58:45 UTC 2018 - lars@linux-schulserver.de

- Update to 3.8.6
  Security Issues Fixed
  * Low Priority - Core - SQLi vulnerability in User Notes (affecting Joomla 3.5.0 through 3.8.5)
  Bug fixes and Improvements
  * Various session management improvements #19548, #19687
  * Multilingual: Associated categories should display only when published #19551
  * Improve performance of the com_content category view with filter by tags #19284
  * [com_fields] Fields are not copied when batch duplicating an article #16958
  * Pass the configuration tmp_path to the archive package for extension installations #19608
  * Hide global configuration and system information from non super users #19697
  * Language overrides do not find plugin language files when files are in the plugin language folder #19740
  * reCAPTCHA V1 - Discontinued #19648
  * Delete existing user_keys, if password is changed #17827
  * PHP 7.2 compatibility fixes

-------------------------------------------------------------------
Wed Feb 14 07:17:42 UTC 2018 - adrian@suse.de

- Update to 3.8.5
  Regressions of Joomla 3.8.4, including the revert of routing changes applied in Joomla 3.8.4 and broken syntax highlighting in the CodeMirror editor.

-------------------------------------------------------------------
Tue Feb 6 10:08:44 UTC 2018 - adrian@suse.de

- Update to 3.8.4
  Security Fixes:
  * Low Priority - Core - XSS vulnerability in module chromes (affecting Joomla 3.0.0 through 3.8.3) More information »
  * Low Priority - Core - XSS vulnerability in com_fields (affecting Joomla 3.7.0 through 3.8.3) More information »
  * Low Priority - Core - XSS vulnerability in Uri class (affecting Joomla 1.5.0 through 3.8.3) More information »
  * Low Priority - Core - SQLi vulnerability in Hathor postinstall message (affecting Joomla 3.7.0 through 3.8.3) More information »
  Please see the documentation wiki for more information about the security patches.
  Bug Fixes and Improvements
  * Contact form loses data after submission with error #17743
  * Smart Search performance improvement for common words #12450
  * Performance improvement in Smart Search indexing process #17390
  * Update jQuery Autocomplete to 1.4.7 #18113
  * Update CodeMirror to 5.33.0 #18880
  * Update srcset url conversion to handle commas and spaces #18327
  * Custom Fields: Handle tag items properly #19006
  * Fix filepath to PHPMailer language file #19072
  * Display category title as page heading and page title when no menu item for com_content category #19195
  * Respect access level in com_content #18417
  * Miscellaneous PHP 7.2 compatibility fixes

-------------------------------------------------------------------
Sun Jan 28 19:14:28 UTC 2018 - lars@linux-schulserver.de

- Update to 3.8.3
  Joomla 3.8.3 addresses several bugs, including:
  * Support for multiple download sources on Update servers (AKA download mirrors) #18926
  * PHP 7.2 Compatibility fixes
  * Update TinyMCE 4.5.8 #18574
  * Multilingual Associations component: reduce the number of duplicate queries #18544
  * [com_fields] Multilanguage: fixing display of fields when the item concerned is set to ALL #18536
  * Eliminate crippling performance of content search plugin for large sites with custom fields #18915

-------------------------------------------------------------------
Wed Nov 8 10:47:44 UTC 2017 - adrian@suse.de

- Update to version 3.8.2
  * Features and Security fixes as documented here: https://www.joomla.org/announcements/release-news/5716-joomla-3-8-2-release.html

-------------------------------------------------------------------
Tue Sep 19 19:38:43 UTC 2017 - adrian@suse.de

- Update to version 3.8.0
  * Features and Security fixes as documented here: https://www.joomla.org/announcements/release-news/5713-joomla-3-8-0-release.html

-------------------------------------------------------------------
Wed Aug 30 07:38:21 UTC 2017 - adrian@suse.de

- Update to version 3.7.5
  * Joomla! is not installing on remote databases #17248

-------------------------------------------------------------------
Thu Jul 27 17:39:24 UTC 2017 - lars@linux-schulserver.de

- Update to version 3.7.4
  * Security Issues Fixed
    - Core - Installer: Lack of Ownership Verification
    - Core - XSS Vulnerability
    - Visit the Security Centre for more information.
  * Bug Fixes
    - Fatal error for PHP 5.3 and a multilanguage site #16966
    - Multilingual com_tags getting wrong language cookie #17084
    - Post installation message: Wrong php detection #16964
    - com_contact address is no longer displayed #16971
    - Visit GitHub for the full list of bug fixes.

-------------------------------------------------------------------
Fri Jul 7 14:51:22 UTC 2017 - adrian@suse.de

- Update to version 3.7.3
  * Security Issues Fixed
    - Core - Information Disclosure (affecting Joomla 1.7.3-3.7.2) More information »
    - Core - XSS Vulnerability (affecting Joomla 1.7.3-3.7.2) More information »
    - Core - XSS Vulnerability (affecting Joomla 1.5.0-3.6.5) More information »
    - Visit the Security Centre for More information »
    - Bug Fixes
  * Calendar fixes #16794
    - Fix frontend menus of menu type "main" or "menu" and backend main menu #16577
    - Tags: Respect Browser Page Title in view Tagged Items #16773
    - Adding thumbs file names in Media Manager #16769
    - Remove PHP memory_limit from max upload size calculation #16741
    - Fix custom fields without a fieldgroup not being displayed #16705
    - Update tinymce to 4.5.7 #16042

-------------------------------------------------------------------
Sun May 28 08:27:25 UTC 2017 - adrian@suse.de

- Update to 3.7.2
  * Fix mime checks #16091
  * Clear cache with more operations #15606
  * Setting week numbers to display per default #16117
  * Fix Page filtering in the Modules manager #16118
  * Fix Copy Reference to Target issue #16178
  * Allow multiple values for the integer field #16153
  * Visit GitHub for the full list of bug fixes.

-------------------------------------------------------------------
Fri May 19 17:01:33 UTC 2017 - adrian@suse.de

- Update to 3.7.1
  * High Priority - Core - SQL Injection (affecting Joomla! 3.7.0) More information »
  Bug Fixes:
  * Fixed attribute checks in the new calendar #15573
  * Inject the JInput dependency into the session handler #15605
  * Fix b/c break in JMenuItem #15553
  * Fix article ordering in the backend #15655
  * Fix milliseconds handling in for PHP Versions lower to 7.1.0 #15853
  * Fixing JFilterInput adding byte offsets to character offset #15966
  * Redirection fails on multiple status values produced by old FOF2 Extensions #15738
  * Remove empty locked cache file if callback function terminate process #15592
  * Visit GitHub for the full list of bug fixes.

-------------------------------------------------------------------
Wed Apr 26 06:21:37 UTC 2017 - adrian@suse.de

- Update to 3.7.0

-------------------------------------------------------------------
Mon Dec 26 21:30:54 UTC 2016 - lars@linux-schulserver.de

- Update to 3.6.5

-------------------------------------------------------------------
Tue May 24 17:18:07 UTC 2016 - lars@linux-schulserver.de

- allow apache 2.4

-------------------------------------------------------------------
Sun Jan 18 12:08:45 UTC 2015 - lars@linux-schulserver.de

- added initial apparmor profile

-------------------------------------------------------------------
Thu Nov 20 15:56:28 UTC 2014 - lars@linux-schulserver.de

- Update to 3.3.6:

-------------------------------------------------------------------
Thu Sep 25 11:46:43 UTC 2014 - lars@linux-schulserver.de

- Update to 3.3.4:
  + Security: Core XSS Vulnerability
  + Security: Core Unauthorised Logins

-------------------------------------------------------------------
Thu Sep 4 19:39:11 UTC 2014 - lars@linux-schulserver.de

- adapt/fix apache configuration - joomla developers want to get more rights for apache user
- recommend php-zip

-------------------------------------------------------------------
Mon Sep 1 16:38:53 UTC 2014 - lars@linux-schulserver.de

- Update to 3.3.3:
  + GitHub [#3954] - Change the cloak container from div to span
  + GitHub [#3956] - Class attributes
are not included in mailcloak + JoomlaCode [#33984] - Getting a 500 when trying to sort users by User Group in Modal + JoomlaCode [#33987] - User settings for Editor ignored - define and use JOOMLA_WEBROOT in robots.txt and apache config - let wwwrun own the logs and language directories ------------------------------------------------------------------- Tue Aug 26 11:44:45 UTC 2014 - lars@linux-schulserver.de - initial version 3.3.0