Joomla! 1.0.9 out now!!

Created on Sunday, 04 June 2006 12:00

Security Fixes

Joomla! 1.0.9 contains twelve (12) fixes for low-level security vulnerabilities.

Low Level Threat Fixes

A1 Unvalidated Input
  • A1 - Harden mosmsg
  • A1 - Hardening of backend `User Manager` to stop 'Administrators' from being able to create 'Super Administrator' users

A2 Broken Access Control
  • A2 - Breadcrumbs: title no longer visible when access is restricted
  • A2 - 'Edit Your Details' page now needs a published menu item to be accessible
  • A2 - 'Check-In My Items' page now needs a published menu item to be accessible
  • A2 - 'Submit News' page now needs a published menu item to be accessible
  • A2 - 'Submit Weblink' page now needs a published menu item to be accessible
  • A2 - Add ability to selectively disable certain types of syndicated feeds
  • A2 - Ensure module caching does not inadvertently make special level modules visible to registered users
  • A2 - Add ability to totally disable access to frontend login page
  • A2 - Add ability to disable frontend user params

A3 Broken Authentication and Session Management
  • A3 - Changes to access level of user account will kill any active session for that user
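Two of the items above describe general access-control mechanisms rather than Joomla-specific details: the A1 `User Manager` hardening (an Administrator must not be able to create a Super Administrator) and the A3 session rule (changing a user's access level kills that user's active sessions). The following is an added example, not Joomla's own code, modelling both in plain Python. The group names and their ranking in `GROUP_RANK`, the `UserManager` and `SessionStore` classes, and the policy that an actor may assign groups up to and including their own rank are all assumptions of this example; the page does not state Joomla's exact policy beyond the Administrator/Super Administrator case.

```python
"""Generic model of two Joomla! 1.0.9 fixes (added example, not Joomla's code):
A1: a backend user may only create or promote users into groups ranked at or
    below their own, so an Administrator cannot mint a Super Administrator.
A3: changing a user's access level invalidates every active session of that
    user, so a stale session cannot keep running under the old privileges.
GROUP_RANK, User, UserManager and SessionStore are this example's own names.
"""
import secrets
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised when an actor tries to assign or touch a group above their own rank."""


# Assumed rank order, modelled on Joomla 1.0 group names; a higher number wins.
GROUP_RANK = {
    "Registered": 1,
    "Editor": 2,
    "Publisher": 3,
    "Manager": 4,
    "Administrator": 5,
    "Super Administrator": 6,
}


@dataclass
class User:
    name: str
    group: str


class SessionStore:
    """Minimal server-side session table: session id -> user name."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        sid = secrets.token_hex(16)
        self._sessions[sid] = username
        return sid

    def is_valid(self, sid):
        return sid in self._sessions

    def kill_for_user(self, username):
        """Drop every session belonging to `username`; return how many were dropped."""
        dead = [sid for sid, user in self._sessions.items() if user == username]
        for sid in dead:
            del self._sessions[sid]
        return len(dead)


class UserManager:
    def __init__(self, sessions):
        self.users = {}
        self.sessions = sessions

    def add_user(self, user):
        self.users[user.name] = user

    def _check_assignable(self, actor, group):
        # A1: the group name comes from a form field, so validate it against the
        # known list first, then enforce the hierarchy on the server side.
        if group not in GROUP_RANK:
            raise ValueError(f"unknown group: {group!r}")
        if GROUP_RANK[group] > GROUP_RANK[actor.group]:
            raise PermissionDenied(f"{actor.name} ({actor.group}) may not assign {group}")

    def create_user(self, actor, name, group):
        self._check_assignable(actor, group)
        self.users[name] = User(name, group)
        return self.users[name]

    def change_group(self, actor, name, new_group):
        target = self.users[name]
        # The actor must outrank (or equal) both the target's current group and the requested one.
        self._check_assignable(actor, target.group)
        self._check_assignable(actor, new_group)
        target.group = new_group
        # A3: sessions issued under the old access level are no longer trustworthy.
        return self.sessions.kill_for_user(name)


def demo():
    """Exercise both rules with constructed users; returns a dict of outcomes."""
    sessions = SessionStore()
    um = UserManager(sessions)
    um.add_user(User("root", "Super Administrator"))
    um.add_user(User("alice", "Administrator"))
    um.add_user(User("bob", "Registered"))
    root, alice = um.users["root"], um.users["alice"]
    out = {}
    try:
        um.create_user(alice, "mallory", "Super Administrator")
        out["admin_creates_superadmin"] = "allowed"
    except PermissionDenied:
        out["admin_creates_superadmin"] = "denied"
    um.create_user(root, "carol", "Super Administrator")
    out["superadmin_creates_superadmin"] = "allowed"
    # bob logs in twice (two browsers), then root changes his access level.
    sid_a, sid_b = sessions.login("bob"), sessions.login("bob")
    out["sessions_killed"] = um.change_group(root, "bob", "Editor")
    out["old_sessions_valid"] = sessions.is_valid(sid_a) or sessions.is_valid(sid_b)
    out["bob_group"] = um.users["bob"].group
    try:
        um.change_group(alice, "root", "Registered")  # Administrator demoting a Super Administrator
        out["admin_demotes_superadmin"] = "allowed"
    except PermissionDenied:
        out["admin_demotes_superadmin"] = "denied"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of killing sessions in `change_group` is that a session token is a cached authorization decision: if the access level changes but the token survives, the user keeps acting under whichever level the server last stored in the session until it expires. Checking both the target's current group and the requested group in `change_group` closes the companion hole where a lower-ranked actor demotes a higher-ranked account.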

OWASP Vulnerability Categorization

Since 1.0.8, Joomla! has adopted the Open Web Application Security Project (OWASP) Top Ten vulnerability categorization system, so that security vulnerability reports are classified in a standard way.

OWASP Top Ten list here