Das Entwicklerteam hat die neue Joomla Version 4.1.1 und für das Brückenupdate die Version 3.10.7, veröffentlicht. Die Update beheben einige Fehler und schließen 7 bzw. 6 Sicherheitslücken.

Purwin-IT bietet Joomla als Hostingpaket mit vorinstallierter Joomla Version und optimaler Servereinstelung: https://www.purwin-it.de/webhosting/joomla-hosting

Joomla 4.1.1 Security Notes

  • [20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220303] Low Severity - High Impact - User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220307] Low Severity - Moderate Impact - Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) More information
  • [20220308] Low Severity - Moderate Impact - Inadequate content filtering within the filter code  (affecting Joomla! 4.0.0 through 4.1.0) More information
  • [20220309] Low Severity - Moderate Impact - XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) More information

Joomla 3.10.7 Security Notes

  • [20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220303] Low Severity - High Impact - User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220304] Low Severity - Moderate Impact - Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) More information
  • [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information

Weiter Informationen zu den Bugfix unter: https://www.joomla.org/announcements/release-news/5857-joomla-4-1-1-and-3-10-7-release.html

Purwin-IT hat bereits alle Kunden informiert und im Rahmen der Wartungsverträge das Update installiert.