Joomla 1.5.13 security release now available
Joomla 1.5.13 is a security release and users are strongly encouraged to upgrade immediately.
One low-level and two moderate-level security issues were fixed in this release.
High priority: Core – file upload: Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.
Moderate priority: Core – XSS: Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.
- Edit icon now appears in correct location
- “usertype” column is now saved correctly in the database during front-end account creation.
- No modules issues were fixed for this release.
- Typographical error fixed in PHPdoc comment
- TinyMCE editor now works when using compressed mode
- Media Manager now shows correct message after a successful upload
- Image button can be used by users who don’t have upload permission.
The full download package of Joomla 1.5.13 is available here.