Joomla! 1.5.8 Fixes Two Security Flaws

After taking the runner-up award in the “Overall Best Open Source CMS” category of PacktPub’s CMS awards, the “Joomla! Bug Squad” yesterday corrected two minor security flaws in the popular content management system and released the latest version of the platform, 1.5.8, codenamed “Wohnaiki”.

This new major release, which comes about two months after the previous 1.5.7 version, doesn’t add any features to the platform, but rather corrects some bugs and two XSS (cross-site scripting) security issues in particular:

  • Com_content XSS Vulnerability: allows entry of dangerous HTML in article submission with default settings for users with Author access or higher and without filters set up in com_content configuration.
  • Com_weblinks XSS Vulnerability: allows raw HTML to be placed in the title and description tags for weblink submissions from both the administrator and site submission forms.

Both of these vulnerabilities affect 1.5.x versions of the platform, including the previous 1.5.7. Webmasters are advised to upgrade to the latest version to fix these and other minor bugs that were detected and quickly corrected by the open source developer team.

Other minor updates correct components, modules and some of the templates that ship with the default package: a complete list of the fixes can be read in a post on Joomla’s official website, while the new full, stable package can be downloaded directly from here.


Dario Borghino

Dario Borghino is a computer engineering student at Turin's Polytechnic, Italy. He started writing science and technology related articles in February 2008 and his articles have appeared on sites such as ISEdb.COM, eHow and Suite101.com. You can visit his personal Web site here.