Joomla 4.1.1 und 3.10.7 Security und Bugfix Release

Das CMS Joomla, erhielt das Update 4.1.1 und 3.10.7. Es behebt einige Fehler und schließt 7 bzw. 6 Sicherheitslücken.

Joomla 4.1.1 Release Notes

Security Issues Fixed

• [20220301] Low Severity – Moderate Impact – Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220302] Low Severity – Low Impact – Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220303] Low Severity – High Impact – User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220305] Low Severity – High Impact – Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220306] Low Severity – Low Impact – Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220307] Low Severity – Moderate Impact – Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) More information
• [20220308] Low Severity – Moderate Impact – Inadequate content filtering within the filter code  (affecting Joomla! 4.0.0 through 4.1.0) More information
• [20220309] Low Severity – Moderate Impact – XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) More information

Bug fixes and Improvements

• Fix language strings behaviour in TinyMCE
• Fix switch for syntax highlighting in TinyMCE
• Show failed tasks in scheduler
• Correct usage of Jooa11y parameters
• Codemirror enhancements
• Several 8.x PHP fixes

Visit GitHub for the full list of bug fixes.

Joomla 3.10.7 Release Notes

Security Issues Fixed

• [20220301] Low Severity – Moderate Impact – Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220302] Low Severity – Low Impact – Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220303] Low Severity – High Impact – User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220304] Low Severity – Moderate Impact – Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) More information
• [20220305] Low Severity – High Impact – Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
• [20220306] Low Severity – Low Impact – Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information

Bug fixes and Improvements

• Backport JQuery UI security patch for CVE-2021-41184 (#37308 (https://github.com/joomla/joomla-cms/pull/37308))
• Disable Google Fonts setting for 3.10.7+ new installations (#36888 (https://github.com/joomla/joomla-cms/pull/36888))
• [Regression] Fix updating redirect values unintentionally changed (#36951 (https://github.com/joomla/joomla-cms/pull/36951))
• Remove FLoC setting as it has been abandoned (#36861 (https://github.com/joomla/joomla-cms/pull/36861))
• E-Mail Cloak: TLDs long as 10 will no longer truncated until (#36986 (https://github.com/joomla/joomla-cms/pull/36986))
• Privacy Consent wording I agree vs I do not agree (#37181 (https://github.com/joomla/joomla-cms/pull/37181))

Visit GitHub for the full list of bug fixes.

Quelle: Joomla 4.1.1 and 3.10.7 Release