Joomla 1.5.13 security release now available

Joomla 1.5.13 is a security release and users are strongly encouraged to upgrade immediately.

One low-level and two moderate-level security issues were fixed in this release.

High priority: Core – file upload: Tiny browser included with TinyMCE 3.0 editor allowed files to be uploaded and removed without logging in.

Moderate priority: Core – XSS: Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

Components

  • Edit icon now appears in correct location
  • “usertype” column is now saved correctly in the database during front-end account creation.

Modules

  • No modules issues were fixed for this release.

Plugins

  • Typographical error fixed in PHPdoc comment
  • TinyMCE editor now works when using compressed mode
  • Media Manager now shows correct message after a successful upload
  • Image button can be used by users who don’t have upload permission.

The full download package of Joomla 1.5.13 is available here.




Share this