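Joomla! 3.9.23 Security & Bug Fix Release Is Now Available
Version 3.9.23, a security level Low release with 7 security and bug fixes, has been released. We recommend updating after checking it on a test site.
It appears to be PHP 8 compatible.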
Joomla 3.9.23 is now available. This is a security release for the 3.x series of Joomla which addresses 7 security vulnerabilities and contains more than 35 bug fixes and improvements.
What’s in 3.9.23?
Joomla 3.9.23 includes 7 security vulnerability fixes and addresses several bugs, including:
Security Issues Fixed
- [20201101] Low Priority – High Impact – com_finder ignores access levels on autosuggest (affecting Joomla! 2.5.0 through 3.9.22)
- [20201102] Low Priority – Moderate Impact – Disclosure of secrets in Global Configuration page (affecting Joomla! 2.5.0 through 3.9.22)
- [20201103] Low Priority – Moderate Impact – Path traversal in mod_random_image (affecting Joomla! 2.5.0 through 3.9.22)
- [20201104] Low Priority – High Impact – SQL injection in com_users list view (affecting Joomla! 3.0.0 through 3.9.22)
- [20201105] Low Priority – Low Impact – User Enumeration in backend login (affecting Joomla! 3.9.0 through 3.9.22)
- [20201106] Low Priority – Low Impact – CSRF in com_privacy emailexport feature (affecting Joomla! 3.9.0 through 3.9.22)
- [20201107] Low Priority – High Impact – Write ACL violation in multiple core views (affecting Joomla! 1.7.0 through 3.9.22)
Bug fixes and Improvements
In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility (see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445).
- TinyMCE updated #30329
- Fix for frontend module editing permissions #30778
- Fix for the loss of transparency when cropping/resizing images #30977
- Validation rule added for the redirect header field #31016
Visit GitHub for the full list of bug fixes.