File joomla.changes of Package joomla
-------------------------------------------------------------------
Tue Oct 25 07:19:05 UTC 2022 - Adrian Schröter <adrian@suse.de>
- update to 3.10.11
* Fixes for migration to version 4
-------------------------------------------------------------------
Tue Oct 25 07:13:59 UTC 2022 - Adrian Schröter <adrian@suse.de>
- drop reference to google font server in default theme to be in
sync with DSGVO regulation
-------------------------------------------------------------------
Fri Mar 18 06:55:13 UTC 2022 - Adrian Schröter <adrian@suse.de>
- Update to 3.10.6
* Should be used to prepare upgrade to joomla4 package
-------------------------------------------------------------------
Mon Feb 7 08:17:16 UTC 2022 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.10.5
* Privacy requests and confirmation can now be made by logged-in
users only (#35470)
* Improve the message for the backups to specifically include the
'filesystem' and the 'database' (#36494)
* Fix a regression with the Progressive caching to cache modules
per custom menu assignment (#36324)
* Update simplepie to 1.3.3 (#36358)
* PHP 8.1 compatibility patches (#36083, #35485) Please note if you
show 'all errors' there could be deprecation notices on some pages.
* Update cacert.pem as of: Tue Oct 26 03:12:05 2021 GMT (#35955)
* Fix wrong input filter type for extension names of site and admin
languages in the extensions installer (#35980)
* Fix tinymce issues when resorting happens (#34808)
* Fix a calendar error with IE11 (#35819)
* Update the cacert file (#35785)
* Improve the loading of tags on the contacts component (#35764)
-------------------------------------------------------------------
Mon Sep 20 17:09:08 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.10.2
* Fix misleading "Update Required" in the pre-update checker #35510
* Fix javascript error for pre-update checker #35481
* Change text when com_joomlaupdate update available #35373
* fix language string case message for old sts settings
-------------------------------------------------------------------
Fri Aug 20 13:23:03 UTC 2021 - Adrian Schröter <adrian@suse.de>
- Update to 3.10.0
- Pre-Requirement for a joomla 4.x update!
-------------------------------------------------------------------
Mon Jul 19 07:47:42 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.9.28
Security Issues Fixed
* Low Severity - Low Impact - XSS in JForm Rules field
* Low Severity - Low Impact - DoS through usergroup table manipulation
* Low Severity - Moderate Impact - Lack of enforced session termination
* Low Severity - High Impact - Privilege escalation through com_installer
* Low Severity - Moderate Impact - XSS in com_media imagelist
Bug fixes and Improvements
* Update CA certificates #34693
* Smart Search: Fix inserting tokens to DB #34497
* Fix search suggestions for mixed-case searches #33942
-------------------------------------------------------------------
Wed Jun 2 13:39:42 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.9.27
Security Issues Fixed
* Low Severity - Low Impact - Adding HTML to the executable block list
of MediaHelper::canUpload
* Low Severity - Low Impact - CSRF in AJAX reordering endpoint
* Low Severity - Low Impact - CSRF in data download endpoints
Bug fixes and Improvements
* Disable FLoC by default #33212
* Postgres compatibility fixes for smart search #31809
* Allow objects stored in tables as json #33633
* Improve indexing performance of Smart Search #33720
* Additional PHP 8 improvement #33113
-------------------------------------------------------------------
Sun Apr 18 07:02:42 UTC 2021 - Adrian Schröter <adrian@suse.de>
- Update to 3.9.26
Security Issues Fixed
* Low Severity - Low Impact - Escape xss in logo parameter error pages
* Low Severity - Low Impact - Inadequate filters on module layout settings
Bug fixes and Improvements
* Fix caching issues after rebuilding update sites #33040
* Allow to configure load balancer/reverse proxy setting #32866
* Fix losing extra query parameter for update sites #32862
* MySQL and MariaDB compatibility fixes #32605
* Fix frontend create article permission #32470
* Update CodeMirror to 5.60.0 #32926
* Additional PHP 8 improvement #32767
-------------------------------------------------------------------
Wed Mar 3 15:46:34 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.9.25
Security Issues Fixed (CVE-2021-23126, CVE-2021-23127, CVE-2021-23128,
CVE-2021-23129, CVE-2021-23130, CVE-2021-23132, CVE-2021-26027, CVE-2021-26029)
+ Insecure randomness within 2FA secret generation
+ Potential Insecure FOFEncryptRandval
+ XSS within alert messages shown to users
+ XSS within the feed parser library
+ Input validation within the template manager
+ com_media allowed paths that are not intended for image uploads
+ ACL violation within com_content frontend editing
+ Path Traversal within joomla/archive zip class
+ Inadequate filtering of form contents could allow to overwrite the author field
Bug fixes and Improvements
+ Fix Save as Copy tag #32454
+ Fix published attribute for Tag field #32332
+ Fix batch menu items #32380
+ Stream transport should enable verify_peer_name when possible #16501
+ Optimize the code for rename incorrectly cased files on update #32176
+ Additional PHP 8 improvements #31977 #32374
-------------------------------------------------------------------
Wed Feb 24 07:44:41 UTC 2021 - Adrian Schröter <adrian@suse.de>
- update to 3.9.24
Security Issues Fixed (CVE-2021-23123, CVE-2021-23124 and CVE-2021-23125)
* Low Severity - Low Impact - com_modules exposes module names
(affecting Joomla! 3.0.0 through 3.9.23)
* Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label
attribute (affecting Joomla! 3.9.0 through 3.9.23)
* Low Severity - Moderate Impact - XSS in com_tags image parameters
(affecting Joomla! 3.1.0 through 3.9.23)
Bug fixes and Improvements
* Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
* Solved performance issue with zip archives containing zip files #31514
* Removes deprecated feature-policy and adds the new Permissions Policy #30819
* Update joomla/image dependency #31663
* Fixed regression SMTP Settings Test #31724
* Fixed regression to save empty passwords in global configuration #31672
-------------------------------------------------------------------
Wed Dec 9 19:15:54 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- Update source download link and remove _service file (run 'osc service
runall download_files' to download)
- Use correct version number
- Use system apache rpm macros
-------------------------------------------------------------------
Mon Nov 30 19:04:22 UTC 2020 - lars@linux-schulserver.de - 3.9.23
- Update to 3.9.23
Security Issues Fixed
+ Low Priority - High Impact - com_finder ignores access levels on autosuggest
+ Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page
+ Low Priority - Moderate Impact - Path traversal in mod_random_image
+ Low Priority - High Impact - SQL injection in com_users list view
+ Low Priority - Low Impact - User Enumeration in backend login
+ Low Priority - Low Impact - CSRF in com_privacy emailexport feature
+ Low Priority - High Impact - Write ACL violation in multiple core views
Bug fixes and Improvements
In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020),
Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility
(see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445).
+ TinyMCE updated #30329
+ Fix for frontend module editing permissions #30778
+ Fix for the loss of transparency when cropping/resizing images #30977
+ Validation rule added for the redirect header field #31016
-------------------------------------------------------------------
Thu Oct 15 16:02:44 UTC 2020 - lars@linux-schulserver.de - 3.9.22
- Update to 3.9.22
Bug fixes and Improvements
+ Contact component: Fix for the category filter results #30413
+ Page Break: Fix for the page break title when the title attribute
is after the class #30519
+ Privacy Request: Fix the token check when removing data via a
privacy removal request #30479
+ Multilanguage: Display an error when the URL language code
is saved as empty #30496
+ Multilanguage: Force lowercase for url language code #30485
-------------------------------------------------------------------
Sun Aug 30 11:37:09 UTC 2020 - lars@linux-schulserver.de - 3.9.21
- Update to 3.9.21
Security Issues Fixed
+ Low Priority - Core - XSS in mod_latestactions
+ Low Priority - Core - Open redirect in com_content vote feature
+ Low Priority - Core - Directory traversal in com_media
Bug fixes and Improvements
+ TinyMCE updated #30329
+ CodeMirror updated #30370
+ Upload Package File / Joomla Update : Upload file size check added #30190 #29895
+ Actions Log: Log an event when Joomla is updated #30157
-------------------------------------------------------------------
Wed Jul 15 07:46:09 UTC 2020 - lars@linux-schulserver.de - 3.9.20
- Update to 3.9.20
Security Issues Fixed
+ Low Priority - Core - CSRF in com_installer ajax_install endpoint
+ Moderate Priority - Core - Missing checks can lead to a broken
usergroups table record
+ Low Priority - Core - CSRF in com_privacy remove-request feature
+ Low Priority - Core - Variable tampering via user table class
+ Low Priority - Core - Escape mod_random_image link
+ Low Priority - Core - System Information screen could expose
redis or proxy credentials
Bug fixes and Improvements
+ Upload & Update tab of Joomla Update Component: Fix to allow
upload of ZIP filetype only #29877
+ Local database server: Allow optional port numbers #29567
+ Beez3 Template: Markup fix for the Tabs layout of com_contact #29636
+ Beez3 Template: Allow custom field editing on frontend #29577
+ Backend cache cleared when purging updates #29603
-------------------------------------------------------------------
Wed Jun 3 15:13:27 UTC 2020 - lars@linux-schulserver.de - 3.9.19
- Update to 3.9.19
Security Issues Fixed
* Low Priority - Core - XSS in modules heading tag option
* Low Priority - Core - Inconsistent default textfilter settings
* Low Priority - Core - XSS in com_modules tag options
* Moderate Priority - Core - XSS in jQuery.htmlPrefilter
* Low Priority - Core - CSRF in com_postinstall
Bug fixes and Improvements
* Fix incomplete utf8mb4 conversion since 3.9.17 #29117
* Backport jQuery 3.5 security fixes #28948
* Frontend: Removal of the create/edit menu item buttons #29191
* Extend the checks to make sure only real user admins can create accounts #28948
* Mail: Support of dotless domains #28576
* Codemirror updated to its latest release #28691
* Improve translation system supporting better pluralization for
languages like Welsh #28763
-------------------------------------------------------------------
Thu Apr 23 13:09:42 UTC 2020 - lars@linux-schulserver.de - 3.9.18
- Update to 3.9.18
Bug fixes and Improvements
+ Fixes the single tag view incorrectly showing a 404 page #28746
-------------------------------------------------------------------
Wed Mar 11 19:59:17 UTC 2020 - lars@linux-schulserver.de - 3.9.16
- Update to 3.9.16
Security Issues Fixed
+ Low Priority - Core - SQL injection in Featured Articles menu parameters
+ Low Priority - Core - CSRF in com_templates image actions
+ Low Priority - Core - XSS in Protostar and Beez3
+ Low Priority - Core - Incorrect Access Control in com_templates
+ Low Priority - Core - Identifier collisions in com_users
+ Low Priority - Core - Incorrect Access Control in com_fields SQL field
Bug fixes and Improvements
+ Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’
and ‘ugc’ attributes #28055
+ Fields - Imagelist: Correct the display of the folder structure #16708
+ Popular Tags Module fix #27745
+ User - Contact Creator plugin: catid fixed #27949
-------------------------------------------------------------------
Wed Jan 29 16:29:57 UTC 2020 - lars@linux-schulserver.de - 3.9.15
- Update to 3.9.15
Security Issues Fixed
+ Low Priority - Core - CSRF in batch actions
+ Low Priority - Core - CSRF com_templates LESS compiler
+ Low Priority - Core - XSS in com_actionlogs
Bug fixes and Improvements
+ Beez Template: Fix the consent field modal #23205
+ Action Log emails: Use of absolute URLs #27432
+ TinyMCE fixes: #27498 #27519
+ User email addresses: Case insensitive management #24117
+ Prevent library extensions to overwrite core files #27300
-------------------------------------------------------------------
Wed Dec 18 18:23:03 UTC 2019 - lars@linux-schulserver.de - 3.9.14
- Update to 3.9.14
Security Issues Fixed
+ Low Priority - Core - Path Disclosure in framework files
+ Low Priority - Core - Various SQL injections through configuration
parameters
Bug fixes and Improvements
+ Improve PHP 7.4 compatibility #27190 #27219
+ Fix incorrect id generated for input fields in repeatable subform #27081
+ Fix Sample Data Learn #27100 #27101 #27102
+ Allow JSON Document caching #27161
+ Avoid errors when Joomla! gets outdated #27197
+ Show full video filename and preview icon in Media Manager #27230
-------------------------------------------------------------------
Wed Nov 6 15:41:24 UTC 2019 - lars@linux-schulserver.de - 3.9.13
- Update to 3.9.13
Security Issues Fixed
+ Low Priority - Core - CSRF in com_template overrides view
+ Low Priority - Core - Path Disclosure in phpuft8 mapping files
Bug fixes and Improvements
+ Improve PHP 7.4 compatibility #25801 #25782 #26615 #26865
+ Improve reverse proxy support #25520
+ Fix active category detection #26330
+ Fix message filtering #26065
+ Improve sending mass mail #26844
- following new php.ini recommendations in apache config:
+ adjusted max file sizes (upload/post) from 16M to 20M
+ setting PHP script max_execution_time to 300
-------------------------------------------------------------------
Wed Sep 25 18:05:37 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.9.12
Security Issues Fixed
+ Low Priority - Core - XSS in logo parameter of default templates
Bug fixes and Improvements
+ Fix for minyear and maxyear in the calendar #26119
+ Handle Google Font weights and styles in Protostar #25976
+ Fix user session on mssql server #23213
+ Protect SQL servers by adding pause mechanism to cli finder indexer #13502
+ Fix Imagelist custom field default image #26352
-------------------------------------------------------------------
Wed Aug 14 16:22:50 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.9.11
Security Issues Fixed
+ Low Priority - Core - Hardening com_contact contact form
Bug fixes and Improvements
+ Custom Fields: Fix language strings/unknown columns/sorting #25476
+ Creating categories on the fly with numbers #25024
+ Fix database schema checker for MySQL 8 #25658
+ Tree sorting in templates file tree #25792
+ Improved PHP 7.4 compatibility #25784
-------------------------------------------------------------------
Wed Jul 10 16:21:02 UTC 2019 - lars@linux-schulserver.de - 3.9.10
- Update to 3.9.10
Security Issues Fixed
+ Low Priority - Core - CSV injection in com_actionlogs
+ Low Priority - Core - XSS in subform field
+ Low Priority - Core - ACL hardening of com_joomlaUpdate
+ Low Priority - Core - Filter attribute in subform fields allows remote code execution
Bug fixes and Improvements
+ Repeatable Custom Fields: fix to keep HTML tags #25189
+ Media Manager: Modal layout improved #22475
+ Voting: Cache cleaned after voting #25201
+ Article ordering: Items grouped by category first #25295
+ Batch system: Improvements for Contact and Newsfeed #25259
+ Batch system: Copy permissions of modules #24737 and categories #24730
+ Progressive cache improvements #20310
+ Fix to avoid duplicated custom fields in com_content #24516
+ RTL improvements #23107 #24722
+ Removal of the unofficial French Help Server #24927
+ TinyMCE improvements: #24978 #25037
+ RSS: Fix to display the right category #24932
+ Media Manager: Fix directory traversal for symlinked folders #24924
+ User registration: Correct http schema used #24089
-------------------------------------------------------------------
Fri May 17 07:46:25 UTC 2019 - lars@linux-schulserver.de - 3.9.6
- Update to 3.9.6
* Security Issues Fixed
+ Low Priority - Core - XSS in com_users ACL debug views
(affecting Joomla 1.7.0 through 3.9.5)
+ Low Priority - Core - By-passing protection of Phar Stream Wrapper
Interceptor (affecting Joomla 3.9.3 through 3.9.5)
* Bug fixes and Improvements
+ Media Manager: Fix logic in file upload check introduced in 3.9.5 #24637
+ Edge Chromium support added #24379
+ User Notes: Fix date format #24529
+ Frontend editing: article category editable by Publishers and up #24640
+ Cache: Cache folder automatically created if it doesn’t exist #21952
+ PostgreSQL database improvements #24682 #24683 #24652
-------------------------------------------------------------------
Sat Apr 13 17:03:28 UTC 2019 - Adrian Schröter <adrian@suse.de>
- Update to 3.9.5
* Security Issues Fixed
+ High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4)
+ Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4)
+ Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4)
* Bug fixes and Improvements
+ User Password: Add minimum lowercase rule for password validation #24230
+ Associations tab: Fix wrong behaviour of Indonesian language #24244
+ Debug language: Fix User Actions Log Manager #24178
+ New installation language: Kazakh #24233
+ Google Authenticator plugin (2FA): QR-code generator implemented #24255
-------------------------------------------------------------------
Tue Mar 19 13:44:54 UTC 2019 - Adrian Schröter <adrian@suse.de>
- Update to 3.9.4
Security Issues Fixed
+ High Priority - Core - Missing ACL check in sample data plugins
+ Low Priority - Core - XSS in com_config JSON handler
+ Low Priority - Core - XSS in item_title layout
+ Low Priority - Core - XSS in media form field
Bug fixes and Improvements
+ User Terms (#23787) and Privacy Consent (#23660) plugins
+ Featured articles: Page subheading added #23583
+ Custom formfield layout paths simplified #22645
+ Com_contact: Contact name field moved out of the Contact
Information block #23563
+ Custom module: Improvement of the frontend editing #23741
+ Action Logs improvement: Cache (#22739) and Purge/Export
(#22740) actions are now logged
-------------------------------------------------------------------
Fri Feb 15 13:57:06 UTC 2019 - lars@linux-schulserver.de
- Update to 3.9.3
Security Issues Fixed
+ Lack of URL filtering in various core components
+ Browserside mime-type sniffing causes XSS attack vectors
+ Additional warning in the Global Configuration textfilter settings
+ Stored XSS issue in the Global Configuration help url #2
+ XSS Issue in core.js writeDynaList
+ Implement the TYPO3 PHAR stream wrapper
Bug fixes and Improvements
+ Prevent renaming/deleting the template index.php file #23654
+ Smart Search improvement #23736
+ Contacts banned fields removed #23585
+ Improvement of the Integration tab display #23711
+ Fix the category filter for featured articles #23454
+ Fix for the Template Style field in the menu manager #23556
+ Breadcrumbs for tags #23599
-------------------------------------------------------------------
Thu Jan 17 14:44:49 UTC 2019 - lars@linux-schulserver.de
- Update to 3.9.2
Security Issues Fixed
+ Stored XSS in mod_banners
+ Stored XSS in com_contact
+ Stored XSS issue in the Global Configuration textfilter settings
+ Stored XSS issue in the Global Configuration help url
Bug fixes and Improvements
+ Fixes for states in com_finder (#23194), com_banners (#23193),
com_messages (#23192), com_users notes (#23191)
+ Removal of the Caching field in the languages (#23174),
syndicate (#23166), random image (#23165), and login modules (#23152)
+ Editors API extended #23224
+ Menu Item Alias type: Redirection is optional #23278
+ com_media: Normalisation of uploaded file names (#23259)
+ Code cleanup and namespacing
-------------------------------------------------------------------
Mon Dec 24 22:16:10 UTC 2018 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 3.9.1
+ Fix for the automatic title option of the Latest Actions admin module #22925
+ Com_privacy: Redirected to the privacy request form after login #22927
+ Update to TinyMCE 4.5.9 #22879
+ Performance improvement for the category and tag managers #22117
+ Fix for the delete module positions issue #22935
+ Preventing the System Privacy Consent plugin from running when
logging out through a menu item #22939
+ Content - Page Break plugin: Possibility to use a template
override for Previous/Next pagination #22932
+ Fix navigation to the first page in pagination when SEF is off #23042
+ System - User Actions Log plugin: Removal of the number of
days limitation #23084
-------------------------------------------------------------------
Sun Nov 11 11:13:27 UTC 2018 - lars@linux-schulserver.de
- Update to 3.9.0
+ 3.9 introduced the new Privacy Tool Suite by Joomla
+ Add notes to your articles in the backend, and filter them #19134
+ A new search feature in the backend: search for a specific article content #20083
+ Load a module by ID into your article #19362
+ A repeatable custom field is now available #20243
+ Create alternative layouts to fit your needs #18571
+ Display the intro or full image in your newsflash module #20169
+ Show only the articles from a specific author in your latest articles module (#20687), and more options!
+ A new toolbar button to edit associations #21022
+ Propagate existing associations #21321
+ Display your tags per language #19509
+ Use Google Invisible reCAPTCHA on your websites #18146
+ Argon2id Password is now supported #20855
-------------------------------------------------------------------
Thu Oct 11 12:26:12 UTC 2018 - lars@linux-schulserver.de
- Update to 3.8.13
* Low Priority - Core - Hardening com_contact contact form
* Low Priority - Core - Inadequate default access level for com_joomlaUpdate
* Low Priority - Core - Access level Violation in com_tags
* Low Priority - Core - ACL Violation in com_users for the admin verification
* Low Priority - Core - CSRF hardening in com_installer
-------------------------------------------------------------------
Wed Sep 12 21:17:36 UTC 2018 - lars@linux-schulserver.de
- Update to 3.8.12
* Security - Core - Hardening the InputFilter for phar stubs
* Security - Core - Stored XSS vulnerability in the frontend profile
* Security - Core - ACL Violation in custom fields
* mod_articles_latest and mod_articles_news: fix to show featured articles #21336
* Tags in com_content: fix to display tags when other item info are set to hidden #21275
* com_tags: All Tags default layout #21031
* Allows filtering by the archived state in the redirect component #21673
-------------------------------------------------------------------
Thu Aug 30 05:50:57 UTC 2018 - Adrian Schröter <adrian@suse.de>
- Update to 3.8.12
Security Issues Fixed
* Low Priority - Core - Hardening the InputFilter for phar stubs (affecting Joomla 1.5.0 through 3.8.11)
* Low Priority - Core - Stored XSS vulnerability in the frontend profile (affecting Joomla 1.5.0 through 3.8.11)
* Low Priority - Core - ACL Violation in custom fields (affecting Joomla 3.7.0 through 3.8.11)
Bug fixes and Improvements
* mod_articles_latest and mod_articles_news: fix to show featured articles
* Tags in com_content: fix to display tags when other item info are set to hidden
* com_tags: All Tags default layout
* Allows filtering by the archived state in the redirect component
-------------------------------------------------------------------
Mon Aug 6 13:02:41 UTC 2018 - Adrian Schröter <adrian@suse.de>
- Update to 3.8.11
* Fix for the Missing "Select Type" field in the Extensions Manager #20881
* Replace the URL parameter "limitstart=0" by "start=0" when SEF is enabled #19452
* Remove non callable array items from field categories #20093
* Articles - Category Module: New ‘showon’ attribute for form fields #20950
* Fix OpenSearch implementation #20937
* Fix for tag filtering in Featured Articles view in administrator #21138
* Fix for filtering Featured Articles by access level in administrator #21168
* Media manager: relative paths for video files #21156
* Com_menus: removal of useglobal attribute #21095
* Multilingual Associations Component: fix associations in sidebyside view for contact and newsfeeds #21180
-------------------------------------------------------------------
Mon Jul 23 08:51:59 UTC 2018 - adrian@suse.de
- Update to 3.8.10
Security Issues Fixed
* Low Priority - Core - Local File Inclusion with PHP 5.3 (affecting Joomla 2.5.0 through 3.8.8)
* Low Priority - Core - XSS vulnerability in language switcher module (affecting Joomla 1.6.0 through 3.8.8)
Bug fixes and Improvements
* Correctly escape the random image module output #20533
* Fix folder browsing and file upload that broke in 3.8.8 due to escaping #20586
* com_mailto (mail to friend) allows the usage of a Captcha by using JForm #20265
* Tag indexing improvement #13868
* Fix use of hyphens in data attributes #20579
* Updates to third party PHP libraries #20583
* CodeMirror Updated to 5.38.0 #20636
-------------------------------------------------------------------
Thu Jun 21 08:02:12 UTC 2018 - adrian@suse.de
- Update to 3.8.8
Security fixes:
* Low Priority - Core - ACL violation in access levels
* Low Priority - Core - Add phar files to the upload blacklist
* Moderate Priority - Core - Information Disclosure about unpublished tags
* Low Priority - Core - Installer leaks plain text password to local user
* Moderate Priority - Core - XSS Vulnerabilities & additional hardening
* Low Priority - Core - Filter field in com_fields allows remote code execution
* Low Priority - Core - Session deletion race condition
* Low Priority - Core - Possible XSS attack in the redirect method
* Low Priority - Core - XSS vulnerability in the media manager
Bug fixes and Improvements
* Miscellaneous accessibility improvements for the Backend
* Updated CodeMirror to 5.37 and various improvements #20269 #19833 #12542
* Improved handling of numeric user group names #20091
* [com_content] Filter by no author #20245
* Added support for PHP 7.3’s is_countable function #20441
* Sending passwords by email disabled by default for new installs #20247
-------------------------------------------------------------------
Mon Apr 23 19:30:39 UTC 2018 - adrian@suse.de
- Update to 3.8.7
Bugfix release
* Various backend improvements for multi language websites (admin menus and associations)
* CodeMirror editor Updated to 5.35.0 #19809
* Allow absolute or relative URLs for redirects #19942
* Improved handling of read-only field data in com_fields #20068
* Highlight all matching text in Smart Search results #20019
-------------------------------------------------------------------
Tue Mar 20 09:58:45 UTC 2018 - lars@linux-schulserver.de
- Update to 3.8.6
Security Issues Fixed
* Low Priority - Core - SQLi vulnerability in User Notes
(affecting Joomla 3.5.0 through 3.8.5)
Bug fixes and Improvements
* Various session management improvements #19548, #19687
* Multilingual: Associated categories should display only when
published #19551
* Improve performance of the com_content category view with
filter by tags #19284
* [com_fields] Fields are not copied when batch duplicating
an article #16958
* Pass the configuration tmp_path to the archive package for
extension installations #19608
* Hide global configuration and system information from non
super users #19697
* Language overrides do not find plugin language files when files
are in the plugin language folder #19740
* reCAPTCHA V1 - Discontinued #19648
* Delete existing user_keys, if password is changed #17827
* PHP 7.2 compatibility fixes
-------------------------------------------------------------------
Wed Feb 14 07:17:42 UTC 2018 - adrian@suse.de
- Update to 3.8.5
Regressions of Joomla 3.8.4, including the revert of routing
changes applied in Joomla 3.8.4 and broken syntax highlighting
in the CodeMirror editor.
-------------------------------------------------------------------
Tue Feb 6 10:08:44 UTC 2018 - adrian@suse.de
- Update to 3.8.4
Security Fixes:
* Low Priority - Core - XSS vulnerability in module chromes (affecting Joomla 3.0.0 through 3.8.3)
* Low Priority - Core - XSS vulnerability in com_fields (affecting Joomla 3.7.0 through 3.8.3)
* Low Priority - Core - XSS vulnerability in Uri class (affecting Joomla 1.5.0 through 3.8.3)
* Low Priority - Core - SQLi vulnerability in Hathor postinstall message (affecting Joomla 3.7.0 through 3.8.3)
Please see the documentation wiki for more information about the security patches.
Bug Fixes and Improvements
* Contact form loses data after submission with error #17743
* Smart Search performance improvement for common words #12450
* Performance improvement in Smart Search indexing process #17390
* Update jQuery Autocomplete to 1.4.7 #18113
* Update CodeMirror to 5.33.0 #18880
* Update srcset url conversion to handle commas and spaces #18327
* Custom Fields: Handle tag items properly #19006
* Fix filepath to PHPMailer language file #19072
* Display category title as page heading and page title when no menu
item for com_content category #19195
* Respect access level in com_content #18417
* Miscellaneous PHP 7.2 compatibility fixes
-------------------------------------------------------------------
Sun Jan 28 19:14:28 UTC 2018 - lars@linux-schulserver.de
- Update to 3.8.3
Joomla 3.8.3 addresses several bugs, including:
* Support for multiple download sources on Update servers
(AKA download mirrors) #18926
* PHP 7.2 Compatibility fixes
* Update TinyMCE 4.5.8 #18574
* Multilingual Associations component: reduce the number of
duplicate queries #18544
* [com_fields] Multilanguage: fixing display of fields when the
item concerned is set to ALL #18536
* Eliminate crippling performance of content search plugin for
large sites with custom fields #18915
-------------------------------------------------------------------
Wed Nov 8 10:47:44 UTC 2017 - adrian@suse.de
- Update to version 3.8.2
* Features and Security fixes as documented here:
https://www.joomla.org/announcements/release-news/5716-joomla-3-8-2-release.html
-------------------------------------------------------------------
Tue Sep 19 19:38:43 UTC 2017 - adrian@suse.de
- Update to version 3.8.0
* Features and Security fixes as documented here:
https://www.joomla.org/announcements/release-news/5713-joomla-3-8-0-release.html
-------------------------------------------------------------------
Wed Aug 30 07:38:21 UTC 2017 - adrian@suse.de
- Update to version 3.7.5
* Joomla! is not installing on remote databases #17248
-------------------------------------------------------------------
Thu Jul 27 17:39:24 UTC 2017 - lars@linux-schulserver.de
- Update to version 3.7.4
* Security Issues Fixed
- Core - Installer: Lack of Ownership Verification
- Core - XSS Vulnerability
- Visit the Security Centre for more information.
* Bug Fixes
- Fatal error for PHP 5.3 and a multilanguage site #16966
- Multilingual com_tags getting wrong language cookie #17084
- Post installation message: Wrong php detection #16964
- com_contact address is no longer displayed #16971
- Visit GitHub for the full list of bug fixes.
-------------------------------------------------------------------
Fri Jul 7 14:51:22 UTC 2017 - adrian@suse.de
- Update to version 3.7.3
* Security Issues Fixed
- Core - Information Disclosure (affecting Joomla 1.7.3-3.7.2)
- Core - XSS Vulnerability (affecting Joomla 1.7.3-3.7.2)
- Core - XSS Vulnerability (affecting Joomla 1.5.0-3.6.5)
- Visit the Security Centre for more information.
* Bug Fixes
- Calendar fixes #16794
- Fix frontend menus of menu type "main" or "menu" and backend main menu #16577
- Tags: Respect Browser Page Title in view Tagged Items #16773
- Adding thumbs file names in Media Manager #16769
- Remove PHP memory_limit from max upload size calculation #16741
- Fix custom fields without a fieldgroup not being displayed #16705
- Update tinymce to 4.5.7 #16042
-------------------------------------------------------------------
Sun May 28 08:27:25 UTC 2017 - adrian@suse.de
- Update to 3.7.2
* Fix mime checks #16091
* Clear cache with more operations #15606
* Setting week numbers to display per default #16117
* Fix Page filtering in the Modules manager #16118
* Fix Copy Reference to Target issue #16178
* Allow multiple values for the integer field #16153
* Visit GitHub for the full list of bug fixes.
-------------------------------------------------------------------
Fri May 19 17:01:33 UTC 2017 - adrian@suse.de
- Update to 3.7.1
* High Priority - Core - SQL Injection (affecting Joomla! 3.7.0)
Bug Fixes:
* Fixed attribute checks in the new calendar #15573
* Inject the JInput dependency into the session handler #15605
* Fix b/c break in JMenuItem #15553
* Fix article ordering in the backend #15655
* Fix milliseconds handling for PHP versions lower than 7.1.0 #15853
* Fixing JFilterInput adding byte offsets to character offset #15966
* Redirection fails on multiple status values produced by old FOF2 Extensions #15738
* Remove empty locked cache file if callback function terminates process #15592
* Visit GitHub for the full list of bug fixes.
-------------------------------------------------------------------
Wed Apr 26 06:21:37 UTC 2017 - adrian@suse.de
- Update to 3.7.0
-------------------------------------------------------------------
Mon Dec 26 21:30:54 UTC 2016 - lars@linux-schulserver.de
- Update to 3.6.5
-------------------------------------------------------------------
Tue May 24 17:18:07 UTC 2016 - lars@linux-schulserver.de
- allow apache 2.4
-------------------------------------------------------------------
Sun Jan 18 12:08:45 UTC 2015 - lars@linux-schulserver.de
- added initial apparmor profile
-------------------------------------------------------------------
Thu Nov 20 15:56:28 UTC 2014 - lars@linux-schulserver.de
- Update to 3.3.6:
-------------------------------------------------------------------
Thu Sep 25 11:46:43 UTC 2014 - lars@linux-schulserver.de
- Update to 3.3.4:
+ Security: Core XSS Vulnerability
+ Security: Core Unauthorised Logins
-------------------------------------------------------------------
Thu Sep 4 19:39:11 UTC 2014 - lars@linux-schulserver.de
- adapt/fix apache configuration
- joomla developers want to get more rights for apache user
- recommend php-zip
-------------------------------------------------------------------
Mon Sep 1 16:38:53 UTC 2014 - lars@linux-schulserver.de
- Update to 3.3.3:
+ GitHub [#3954] - Change the cloak container from div to span
+ GitHub [#3956] - Class attributes are not included in mailcloak
+ JoomlaCode [#33984] - Getting a 500 when trying to sort users by
User Group in Modal
+ JoomlaCode [#33987] - User settings for Editor ignored
- define and use JOOMLA_WEBROOT in robots.txt and apache config
- let wwwrun own the logs and language directories
-------------------------------------------------------------------
Tue Aug 26 11:44:45 UTC 2014 - lars@linux-schulserver.de
- initial version 3.3.0