Revisions of joomla

Lars Vogdt (lrupp) accepted request 1038626 from Adrian Schröter (adrianSuSE) (revision 35)
- update to 3.10.11
  * Fixes for migration to version 4

- drop reference to google font server in default theme to be in 
  sync with DSGVO regulation
Lars Vogdt (lrupp) accepted request 962601 from Adrian Schröter (adrianSuSE) (revision 34)
- Update to 3.10.6
  * Should be used to prepare upgrade to joomla4 package
Lars Vogdt (lrupp) committed (revision 33)
fix version
Lars Vogdt (lrupp) committed (revision 32)
- Update to 3.10.5
  * Privacy requests and confirmation can now be made by logged-in 
    users only (#35470)
  * Improve the message for the backups to specifically include the 
    'filesystem' and the 'database' (#36494)
  * Fix a regression with the Progressive caching to cache modules 
    per custom menu assignment (#36324)
  * Update simplepie to 1.3.3 (#36358)
  * PHP 8.1 compatibility patches (#36083, #35485) Please note if you 
    show 'all errors' there could be deprecation notices on some pages.
  * Update cacert.pem as of: Tue Oct 26 03:12:05 2021 GMT (#35955)
  * Fix wrong input filter type for extension names of site and admin 
    languages in the extensions installer (#35980)
  * Fix tinymce issues when resorting happens (#34808)
  * Fix a calendar error with IE11 (#35819)
  * Update the cacert file (#35785)
  * Improve the loading of tags on the contacts component (#35764)
Lars Vogdt (lrupp) committed (revision 31)
use correct version
Lars Vogdt (lrupp) committed (revision 30)
- Update to 3.10.2
  * Fix misleading "Update Required" in the pre-update checker #35510
  * Fix javascript error for pre-update checker #35481
  * Change text when com_joomlaupdate update available #35373
  * fix language string case message for old sts settings
Lars Vogdt (lrupp) accepted request 913357 from Adrian Schröter (adrianSuSE) (revision 29)
- Update to 3.10.0
- Pre-Requirement for a joomla 4.x update!
Lars Vogdt (lrupp) committed (revision 28)
- Update to 3.9.28
  Security Issues Fixed
  * Low Severity - Low Impact - XSS in JForm Rules field
  * Low Severity - Low Impact - DoS through usergroup table manipulation
  * Low Severity - Moderate Impact - Lack of enforced session termination
  * Low Severity - High Impact - Privilege escalation through com_installer
  * Low Severity - Moderate Impact - XSS in com_media imagelist
  Bug fixes and Improvements
  * Update CA certificates #34693
  * Smart Search: Fix inserting tokens to DB #34497
  * Fix search suggestions for mixed-case searches #33942
Lars Vogdt (lrupp) committed (revision 27)
- Update to 3.9.27
  Security Issues Fixed
  * Low Severity - Low Impact - Adding HTML to the executable block list
    of MediaHelper::canUpload
  * Low Severity - Low Impact - CSRF in AJAX reordering endpoint
  * Low Severity - Low Impact - CSRF in data download endpoints
  Bug fixes and Improvements
  * Disable FLoC by default #33212
  * Postgres compatibility fixes for smart search #31809
  * Allow objects stored in tables as json #33633
  * Improve indexing performance of Smart Search #33720
  * Additional PHP 8 improvement #33113
Dirk Stoecker (dstoecker) accepted request 886424 from Adrian Schröter (adrianSuSE) (revision 26)
- Update to 3.9.26
  Security Issues Fixed
  * Low Severity - Low Impact - Escape xss in logo parameter error pages
  * Low Severity - Low Impact - Inadequate filters on module layout settings
  Bug fixes and Improvements
  * Fix caching issues after rebuilding update sites #33040
  * Allow to configure load balancer/reverse proxy setting #32866
  * Fix losing extra query parameter for update sites #32862
  * MySQL and MariaDB compatibility fixes #32605
  * Fix frontend create article permission #32470
  * Update CodeMirror to 5.60.0 #32926
  * Additional PHP 8 improvement #32767
Lars Vogdt (lrupp) committed (revision 25)
- Update to 3.9.25
  Security Issues Fixed (CVE-2021-23126, CVE-2021-23127, CVE-2021-23128, 
  CVE-2021-23129, CVE-2021-23130, CVE-2021-23132, CVE-2021-26027, CVE-2021-26029)
  + Insecure randomness within 2FA secret generation
  + Potential Insecure FOFEncryptRandval
  + XSS within alert messages shown to users
  + XSS within the feed parser library
  + Input validation within the template manager
  + com_media allowed paths that are not intended for image uploads
  + ACL violation within com_content frontend editing
  + Path Traversal within joomla/archive zip class
  + Inadequate filtering of form contents could allow to overwrite the author field
  Bug fixes and Improvements
  + Fix Save as Copy tag #32454
  + Fix published attribute for Tag field #32332
  + Fix batch menu items #32380
  + Stream transport should enable verify_peer_name when possible #16501
  + Optimize the code for rename incorrectly cased files on update #32176
  + Additional PHP 8 improvements #31977 #32374
  Security Issues Fixed (CVE-2021-23123, CVE-2021-23124 and CVE-2021-23125)
   * Low Severity - Low Impact - com_modules exposes module names 
     (affecting Joomla! 3.0.0 through 3.9.23)
   * Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label 
     attribute (affecting Joomla! 3.9.0 through 3.9.23)
   * Low Severity - Moderate Impact - XSS in com_tags image parameters 
     (affecting Joomla! 3.1.0 through 3.9.23)
Lars Vogdt (lrupp) accepted request 874772 from Adrian Schröter (adrianSuSE) (revision 24)
- update to 3.9.24
  Security Issues Fixed
   * Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23)
   * Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23)
   * Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23)
  Bug fixes and Improvements
   * Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
   * Solved performance issue with zip archives containing zip files #31514
   * Removes deprecated feature-policy and adds the new Permissions Policy #30819
   * Update joomla/image dependency #31663
   * Fixed regression SMTP Settings Test #31724
   * Fixed regression to save empty passwords in global configuration #31672
Arjen de Korte (adkorte) accepted request 854340 from Arjen de Korte (adkorte) (revision 23)
- Update source download link and remove _service file (run 'osc service runall download_files' to download
- Use correct version number
- Use system apache rpm macros
Lars Vogdt (lrupp) committed (revision 22)
- Update to 3.9.23
  Security Issues Fixed
  + Low Priority - High Impact - com_finder ignores access levels on autosuggest
  + Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page
  + Low Priority - Moderate Impact - Path traversal in mod_random_image
  + Low Priority - High Impact - SQL injection in com_users list view
  + Low Priority - Low Impact - User Enumeration in backend login
  + Low Priority - Low Impact - CSRF in com_privacy emailexport feature
  + Low Priority - High Impact - Write ACL violation in multiple core views
  Bug fixes and Improvements
  In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), 
  Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility 
  (see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445).
  + TinyMCE updated #30329
  + Fix for frontend module editing permissions #30778
  + Fix for the loss of transparency when cropping/resizing images #30977
  + Validation rule added for the redirect header field #31016
Lars Vogdt (lrupp) committed (revision 21)
- Update to 3.9.22
  Bug fixes and Improvements
  + Contact component: Fix for the category filter results #30413
  + Page Break: Fix for the page break title when the title attribute
    is after the class #30519
  + Privacy Request: Fix the token check when removing data via a
    privacy removal request #30479
  + Multilanguage: Display an error when the URL language code
    is saved as empty #30496
  + Multilanguage: Force lowercase for url language code #30485
Lars Vogdt (lrupp) committed (revision 20)
- Update to 3.9.21
  Security Issues Fixed
  + Low Priority - Core - XSS in mod_latestactions
  + Low Priority - Core - Open redirect in com_content vote feature
  + Low Priority - Core - Directory traversal in com_media
  Bug fixes and Improvements
  + TinyMCE updated #30329
  + CodeMirror updated #30370
  + Upload Package File / Joomla Update : Upload file size check added #30190 #29895
  + Actions Log: Log an event when Joomla is updated #30157
Lars Vogdt (lrupp) committed (revision 19)
- Update to 3.9.20
  Security Issues Fixed
  + Low Priority - Core - CSRF in com_installer ajax_install endpoint
  + Moderate Priority - Core - Missing checks can lead to a broken 
    usergroups table record 
  + Low Priority - Core - CSRF in com_privacy remove-request feature
  + Low Priority - Core - Variable tampering via user table class
  + Low Priority - Core - Escape mod_random_image link
  + Low Priority - Core - System Information screen could expose
    redis or proxy credentials
  Bug fixes and Improvements
  + Upload & Update tab of Joomla Update Component: Fix to allow 
    upload of ZIP filetype only #29877
  + Local database server: Allow optional port numbers #29567
  + Beez3 Template: Markup fix for the Tabs layout of com_contact #29636
  + Beez3 Template: Allow custom field editing on frontend #29577
  + Backend cache cleared when purging updates #29603
Lars Vogdt (lrupp) committed (revision 18)
- Update to 3.9.19
  Security Issues Fixed
  * Low Priority - Core - XSS in modules heading tag option
  * Low Priority - Core - Inconsistent default textfilter settings
  * Low Priority - Core - XSS in com_modules tag options
  * Moderate Priority - Core - XSS in jQuery.htmlPrefilter
  * Low Priority - Core - CSRF in com_postinstall
  Bug fixes and Improvements
  * Fix incomplete utf8mb4 conversion since 3.9.17 #29117
  * Backport jQuery 3.5 security fixes #28948
  * Frontend: Removal of the create/edit menu item buttons #29191
  * Extend the checks to make sure only real user admins can create accounts #28948
  * Mail: Support of dotless domains #28576
  * Codemirror updated to its latest release #28691
  * Improve translation system supporting better pluralization for
    languages like Welsh #28763
Lars Vogdt (lrupp) committed (revision 17)
- Update to 3.9.18
  Bug fixes and Improvements
  + Fixes the single tag view incorrectly showing a 404 page #28746
- Update to 3.9.16
- Update to 3.9.15
- Update to 3.9.14
- Update to 3.9.13
- Update to 3.9.12
- Update to 3.9.11
- Update to 3.9.10
  + Low Priority - Core - ACL hardening of com_joomlaUpdate
- Update to 3.9.6
- Update to 3.9.5
- Update to 3.9.4
- Update to 3.9.3
- Update to 3.9.2
- Update to 3.9.1
- Update to 3.9.0
- Update to 3.8.13
  * Low Priority - Core - Inadequate default access level for com_joomlaUpdate
- Update to 3.8.12
- Update to 3.8.12
- Update to 3.8.11
- Update to 3.8.10
   * CodeMirror Updated to 5.38.0 #20636
- Update to 3.8.8
- Update to 3.8.7
  * CodeMirror editor Updated to 5.35.0 #19809
- Update to 3.8.6
- Update to 3.8.5
Lars Vogdt (lrupp) committed (revision 16)
- update to 3.9.16
  Security Issues Fixed
  + Low Priority - Core - SQL injection in Featured Articles menu parameters
  + Low Priority - Core - CSRF in com_templates image actions
  + Low Priority - Core - XSS in Protostar and Beez3
  + Low Priority - Core - Incorrect Access Control in com_templates
  + Low Priority - Core - Identifier collisions in com_users
  + Low Priority - Core - Incorrect Access Control in com_fields SQL field
  Bug fixes and Improvements
  + Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ 
    and ‘ugc’ attributes #28055 
  + Fields - Imagelist: Correct the display of the folder structure #16708
  + Popular Tags Module fix #27745
  + User - Contact Creator plugin: catid fixed #27949
Displaying revisions 1 - 20 of 35