Am 29.03.2022 wurde die neue Joomla!-Version 4.1.1 und die Joomla!-Version 3.10.7 Version veröffentlicht. Leider kam es zu einen Fehler deshalb wurde am 30.03.2022 die Version 4.1.2 und 3.10.8 nach gereicht.
Behobene Sicherheitsprobleme in 4.1.1
-
[20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
-
[20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
-
[20220303] Low Severity - High Impact - User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
-
[20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
-
[20220306] Low Severity - Low Impact - Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
-
[20220307] Low Severity - Moderate Impact - Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) More information
-
[20220308] Low Severity - Moderate Impact - Inadequate content filtering within the filter code (affecting Joomla! 4.0.0 through 4.1.0) More information
-
[20220309] Low Severity - Moderate Impact - XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) More information
Fehlerkorrekturen und Verbesserungen in 4.1.1
-
Fix language strings behaviour in TinyMCE
-
Fix switch for syntax highlighting in TinyMCE
-
Show failed tasks in scheduler
-
Correct usage of Jooa11y parameters
-
Codemirror enhancements
-
Several 8.x PHP fixes
Behobene Sicherheitsprobleme in 4.011
- [20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220303] Low Severity - High Impact - User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220304] Low Severity - Moderate Impact - Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) More information
- [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
- [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
Fehlerkorrekturen und Verbesserungen in 4.1.1
- Backport JQuery UI security patch for CVE-2021-41184 (#37308 (https://github.com/joomla/joomla-cms/pull/37308))
- Disable Google Fonts setting for 3.10.7+ new installations (#36888 (https://github.com/joomla/joomla-cms/pull/36888))
- [Regression] Fix updating redirect values unintentionally changed (#36951 (https://github.com/joomla/joomla-cms/pull/36951))
- Remove FLoC setting as it has been abandoned (#36861 (https://github.com/joomla/joomla-cms/pull/36861))
- E-Mail Cloak: TLDs long as 10 will no longer truncated until (#36986 (https://github.com/joomla/joomla-cms/pull/36986))
- Privacy Consent wording I agree vs I do not agree (#37181 (https://github.com/joomla/joomla-cms/pull/37181))