Am 24.11.2020 wurde die neue Joomla Version 3.9.23 veröffentlicht. Es wurden 35 Fehler behoben und 7 kleinere Sicherheitslücken geschlossen. Zusätzlich ist Joomla jetzt PHP8 kompatibel.
Security Issues Fixed
- [20201101] Low Priority - High Impact - com_finder ignores access levels on autosuggest (affecting Joomla! 2.5.0 through 3.9.22) More information »
- [20201102] Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page (affecting Joomla! 2.5.0 through 3.9.22) More information »
- [20201103] Low Priority - Moderate Impact - Path traversal in mod_random_image (affecting Joomla! 2.5.0 through 3.9.22) More information »
- [20201104] Low Priority - High Impact - SQL injection in com_users list view (affecting Joomla! 3.0.0 through 3.9.22) More information »
- [20201105] Low Priority - Low Impact - User Enumeration in backend login (affecting Joomla! 3.9.0 through 3.9.22) More information »
- [20201106] Low Priority - Low Impact - CSRF in com_privacy emailexport feature (affecting Joomla! 3.9.0 through 3.9.22) More information »
- [20201107] Low Priority - High Impact - Write ACL violation in multiple core views (affecting Joomla! 1.7.0 through 3.9.22) More information »
Bug fixes and Improvements
In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility (see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445).