Joomla! 3.9.25 セキュリティ & バグフィックスがリリースされています
セキュリティレベル Low 9つのセキュリティ & バグフィックス 3.9.25 がリリースされています。テストサイトでチェック後のアップデートをお勧めします。
Joomla 3.9.25 is now available. This is a security release for the 3.x series of Joomla which addresses 9 security vulnerabilities and contains more than 40 bug fixes and improvements.
Joomla! 3.9.25 をリリースしました。これはセキュリティ上の9つの脆弱性と40のバグフィックスと改善を含んだ3.x シリーズのセキュリティリリースです。
What’s in 3.9.25?
Joomla 3.9.25 includes 9 security vulnerability fixes and addresses several bugs, including:
Security Issues Fixed
- [20210301] Low Severity – Low Impact – Insecure randomness within 2FA secret generation (affecting Joomla! 3.2.0 through 3.9.24) More information »
- [20210302] Low Severity – Low Impact – Potential Insecure FOFEncryptRandval (affecting Joomla! 3.2.0 through 3.9.24) More information »
- [20210303] Low Severity – Moderate Impact – XSS within alert messages showed to users (affecting Joomla! 2.5.0 through 3.9.24) More information »
- [20210304] Low Severity – Moderate Impact – XSS within the feed parser library (affecting Joomla! 2.5.0 through 3.9.24) More information »
- [20210305] Low Severity – Low Impact – Input validation within the template manager (affecting Joomla! 3.2.0 through 3.9.24) More information »
- [20210306] Low Severity – Moderate Impact – com_media allowed paths that are not intended for image uploads (affecting Joomla! 3.0.0 through 3.9.24) More information »
- [20210307] Low Severity – Moderate Impact – ACL violation within com_content frontend editing (affecting Joomla! 3.0.0 through 3.9.24) More information »
- [20210308] Low Severity – Moderate Impact – Path Traversal within joomla/archive zip class (affecting Joomla! 3.0.0 through 3.9.24) More information »
- [20210309] Low Severity – Moderate Impact – Inadequate filtering of form contents could allow to overwrite the author field (affecting Joomla! 1.6.0 through 3.9.24) More information »
Bug fixes and Improvements
- Fix Save as Copy tag #32454
- Fix published attribute for Tag field #32332
- Fix batch menu items #32380
- Stream transport should enable verify_peer_name when possible #16501
- Optimize the code for rename incorrectly cased files on update #32176
- Addional PHP 8 improvments #31977 #32374
Visit GitHub for the full list of bug fixes.