Joomla 3.8.8 Sicherheitsupdate und Fehlerbehebungen

Mit der Joomla Version 3.8.8 schließen die Entwickler 9 Sicherheitsfehler und eine Reihe an weiteren Fehlern.

Die neun Sicherheitsfehler:

  • CVE-2018-11323 Low Priority  - Core - ACL violation in access levels (affecting Joomla 2.5.0 through 3.8.7)
  • CVE-2018-11322 Low Priority -  Core - Add phar files to the upload blacklist (affecting Joomla 2.5.0 through 3.8.7)
  • CVE-2018-11327 Moderate Priority -  Core - Information Disclosure about unpublished tags (affecting Joomla 3.1.0 through 3.8.7)
  • CVE-2018-11325 Low Priority -  Core - Installer leaks plain text password to local user (affecting Joomla 3.0.0 through 3.8.7) 
  • CVE-2018-11326 Moderate Priority -  Core - XSS Vulnerabilities & additional hardening (affecting Joomla 3.0.0 through 3.8.7)
  • CVE-2018-11321 Low Priority - Core - Filter field in com_fields allows remote code execution (affecting Joomla 3.7.0 through 3.8.7)
  • CVE-2018-11324 Low Priority - Core - Session deletion race condition (affecting Joomla 3.0.0 through 3.8.7)
  • CVE-2018-11328 Low Priority - Core - Possible XSS attack in the redirect method (affecting Joomla 3.2.1 through 3.8.7)
  • CVE-2018-6378 Low Priority - Core - XSS vulnerability in the media manager (affecting Joomla 1.5.0 through 3.8.7)

Fehlerbehebungen:

  • Miscellaneous accessibility improvements for the Backend
  • Support Codemirror's included key mappings #19833
  • Make CodeMirror work in repeatable subforms #12542
  • Fix for JUserHelper::addUserToGroup() when user group title is a number #20091
  • [com_content] Filter by no author #20245
  • Sending passwords by email disabled by default for new installs #20247
  • Auf Github findet ihr eine vollständige List der Bug Fixes.