Upgrade to Joomla! 1.0.4 Security Release now!

Created on Monday, 21 November 2005 06:22

Joomla! 1.0.4 out now!
Joomla! 1.0.4 [ Sundial ] is now available on the forge for download here. This is a Security Release, which means it contains fixes for six Security Vulnerabilities. We highly recommend that you upgrade to this version.

1.0.4 is available as a Full Package, which contains all Joomla! files, and as a Patch Package, which contains only the files that have been changed by the Security work conducted.

1.0.4 Changelog
1.0.4 Version Information

Security Vulnerabilities

1.0.4 contains fixes for 6 Security Vulnerabilities.

Critical Level Threats

  • Potential XSS injection through GET and other variables
    - Affects all previous versions of Joomla! and Mambo 4.5.2.3
  • Hardened SEF against XSS injection
    - Affects all previous versions of Joomla! and Mambo 4.5.2.3

Low Level Threats

  • Potential SQL injection in Polls modules through the Itemid variable
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Potential SQL injection in several methods in mosDBTable class
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Potential misuse of Media component file management functions
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series

Upgrade Instructions

Conversion Instructions

For those converting from Mambo 4.5.2.x, please read these Migration instructions. You need to download the Joomla 1.0.4 Full package.

Thank you to the community for their continued assistance in helping us make Joomla 1.0.x more stable.



Rey Gigataras [stingrey]
Joomla! Software Coding and Design
Stability Team Leader