Joomla 1.5.13 security release now available

Joomla 1.5.13 is a security release and users are strongly encouraged to upgrade immediately.

One low-level and two moderate-level security issues were fixed in this release.

High priority: Core – file upload: Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

Moderate priority: Core – XSS: Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

Components

• Edit icon now appears in correct location
• “usertype” column is now saved correctly in the database during front-end account creation.

Modules

• No modules issues were fixed for this release.

Plugins

• Typographical error fixed in PHPdoc comment
• TinyMCE editor now works when using compressed mode
• Media Manager now shows correct message after a successful upload
• Image button can be used by users who don’t have upload permission.

The full download package of Joomla 1.5.13 is available here.