Security Issues And Bugs Fixed In The New Joomla! 1.5.8

Recently, a new version of the Joomla! content management system was released: Joomla! 1.5.8 [Wohnaiki]. This release fixes two security issues as well as several bugs.

The default filtering for content (the defaults applied on com_content article submission) was a security problem: it allowed XSS vulnerabilities through the entry of dangerous HTML tags or scripts, affecting users with an access level of Author or higher where the filtering options had not been set in the com_content configuration.

In practice, the new default HTML filter compares each entry against the contents of a blacklist; as a consequence, it may prevent Flash videos or JavaScript code from being embedded correctly in articles. The optimal filter settings can be established from the Article Global Configuration options.

The other XSS vulnerability fixed was related to the filtering of link descriptions: submission forms allowed HTML code in the title or description of submitted links. These two security issues affected all installations of 1.5.x versions of the Joomla! Framework.
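
The two filtering behaviours described above, modelled as an added Python example (not Joomla!'s own code, which is PHP): a blacklist filter for article bodies, showing why Flash embeds disappear, and plain-text escaping for link titles and descriptions. The blacklists, function names and sample input are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blacklists for illustration; not Joomla!'s actual lists.
TAG_BLACKLIST = {"script", "object", "embed", "applet", "iframe"}
ATTR_BLACKLIST = {"style", "action"}
# Constructed sample article body with a Flash embed and a script include.
SAMPLE = ('<p onclick="track()">Intro</p><object data="movie.swf">'
          '<embed src="movie.swf"></object><script src="widget.js"></script>')

class BlacklistFilter(HTMLParser):
    """Drops blacklisted tags and attributes, keeps everything else."""
    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives decoded
        self.out, self.removed = [], []

    def handle_starttag(self, tag, attrs):
        if tag in TAG_BLACKLIST:
            self.removed.append(tag)
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on") or name in ATTR_BLACKLIST:
                self.removed.append(f"{tag}@{name}")  # event handler or listed attribute
            else:
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag not in TAG_BLACKLIST:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # re-encode decoded text

def filter_article(html_in):
    """Return (filtered_html, removed_items) for an article body."""
    f = BlacklistFilter()
    f.feed(html_in)
    f.close()
    return "".join(f.out), f.removed

def render_link(title, description, url):
    """Link title and description are plain text: escape them, never pass HTML through."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("unsupported link scheme")
    return (f'<a href="{escape(url, quote=True)}">{escape(title)}</a>'
            f"<p>{escape(description)}</p>")
```

Running `filter_article(SAMPLE)` shows the trade-off the article mentions: the `object` and `embed` tags that carry the Flash video are removed together with the script include.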

Various bugs affecting the functionality of components, modules, templates, administration and system were corrected, making the Joomla! content management system more stable and responsive to users' needs.

A few elements with improved functionality are: email address cloaking, categories, sections, articles, RSS feeds, administration console, installer, media manager, cache, language file and many more. If you want to test the improvements of the latest Joomla! version, it is available for free download from the Downloadtube website.
