Joomla News
Joomla! Announcements
Joomla! Official News
01 March 2019
Joomla! - the dynamic portal engine and content management system- Joomla 3.9.3 Release
-
Keeping your Joomla website up-to-date
As of release 3.5 Joomla is collecting stats data, thanks to the stats plugin (only works if itβs enabled), and it found too many websites are not using the currently supported release of 3.9.2. This data is based on the Joomla, PHP, and database version. These are some pretty alarming statistics, and should not be ignored! We have provided some links at the bottom of this article for your reference, review, and to even get the latest release of Joomla.
- Joomla 3.9.2 Release
Joomla! Wiki
Joomla! Documentation - Recent changes [en]
01 March 2019
Track the most recent changes to the wiki in this feed.-
User:Spisani+
User account Spisani+ was created
-
User:JVAEL
User account JVAEL was created
-
GSOC 2019 Project Ideas
βMentors
β Older revision Revision as of 04:45, 1 March 2019 Line 43: Line 43: ===Mentors======Mentors===β * [mailto:benjamin@benjamintrenkle.deBenjamin Trenkle] (main mentor)+ * [mailto:benjamin.trenkle@community.joomla.orgBenjamin Trenkle] (main mentor)* [mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. Viviana Menzel]* [mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. Viviana Menzel]* [mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. Harald Leithner]* [mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. Harald Leithner]
Joomla! Security
Security Announcements
01 March 2019
-
[20190206] - Core - Implement the TYPO3 PHAR stream wrapper
- Project: Joomla!
- SubProject: CMS
- Impact:Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: Object Injection
- Reported Date: 2019-January-18
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7743
Description
The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By:David Jardin (JSST) -
[20190205] - Core - XSS Issue in core.js writeDynaList
- Project: Joomla!
- SubProject: CMS
- Impact:Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-October-07
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7740
Description
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By:Dimitris Grammatikogiannis -
[20190204] - Core - Stored XSS issue in the Global Configuration help url #2
- Project: Joomla!
- SubProject: CMS
- Impact:Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-16
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7741
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Reported By:Antonin Steinhauser
