---------------- 1.0.9 Stable Released -- [05-June-2006 16:00 UTC - Rev 3876] ------------------
This release contains the following security fixes.

Joomla! uses the Open Web Application Security Project (OWASP) Top Ten classification to categorize security vulnerabilities found in Joomla!: http://www.owasp.org/index.php/OWASP_Top_Ten_Project

12 Low Level Threats in 1.0.9

A1 Unvalidated Input
 * A1 - Harden mosmsg
 * A1 - Hardening of backend `User Manager` to stop 'Administrators' from being able to create 'Super Administrator' users

A2 Broken Access Control
 * A2 - Breadcrumbs title visibility even when access restricted
 * A2 - 'Edit Your Details' page now needs a published menu item to be accessible
 * A2 - 'Check-In My Items' page now needs a published menu item to be accessible
 * A2 - 'Submit News' page now needs a published menu item to be accessible
 * A2 - 'Submit Weblink' page now needs a published menu item to be accessible
 * A2 - Add ability to selectively disable certain types of syndicated feeds
 * A2 - Ensure module caching does not inadvertently make special level modules visible to registered users
 * A2 - Add ability to totally disable access to frontend login page
 * A2 - Add ability to disable frontend user params

A3 Broken Authentication and Session Management
 * A3 - Changes to access level of user account will kill any active session for that user
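As an added illustration of the A1 `User Manager` hardening and the A3 session items listed above (together with the 20-Apr-2006 "only one session per user account in Admin Backend" entry and the 03-June-2006 fix that its purge must not delete the frontend session), here is plain PHP that is not Joomla!'s own code. The group names follow the changelog; the numeric ranks, the function names, the in-memory session table and the "strictly below your own group" rule are assumptions of this example, not a description of what Joomla! 1.0.9 implements.

```php
<?php
// Added illustration only; not Joomla! code. Group names follow the
// changelog; the ranks, function names and session table are assumptions.
declare(strict_types=1);

const GROUP_RANK = [
    'Registered'          => 1,
    'Manager'             => 2,
    'Administrator'       => 3,
    'Super Administrator' => 4,
];

function rankOf(string $group): int
{
    if (!array_key_exists($group, GROUP_RANK)) {
        throw new InvalidArgumentException("unknown group: $group");
    }
    return GROUP_RANK[$group];
}

// A1: the user-manager save is checked on the server against the acting
// user's own group, never only against the group id that was submitted.
// Only a Super Administrator may create or promote another Super
// Administrator; every other actor may assign only groups strictly below
// their own (an assumption of this example), so an Administrator cannot
// mint a Super Administrator or edit a peer.
function canAssignGroup(string $actorGroup, string $targetGroup): bool
{
    $actor = rankOf($actorGroup);
    if ($actor === rankOf('Super Administrator')) {
        return true;
    }
    return rankOf($targetGroup) < $actor;
}

// A3: when an account's access level changes, every session that account
// holds (backend and frontend) is dropped, so the old privileges do not
// survive until the session expires on its own.
// $sessions is session_id => ['userid' => int, 'admin' => bool].
function killSessionsForUser(array $sessions, int $userId): array
{
    return array_filter($sessions, fn(array $s): bool => $s['userid'] !== $userId);
}

// A3: one backend session per account. A new backend login keeps $keepId
// and purges the user's other *backend* sessions; frontend sessions are
// left alone, which is the point of the 03-June-2006 fix.
function purgeOtherAdminSessions(array $sessions, int $userId, string $keepId): array
{
    return array_filter(
        $sessions,
        fn(array $s, $id): bool =>
            !($s['admin'] && $s['userid'] === $userId && (string) $id !== $keepId),
        ARRAY_FILTER_USE_BOTH
    );
}

// Constructed sample session table: user 62 has two backend logins and
// one frontend login, user 63 a frontend login only.
$sessions = [
    'adm-old' => ['userid' => 62, 'admin' => true],
    'adm-new' => ['userid' => 62, 'admin' => true],
    'site-62' => ['userid' => 62, 'admin' => false],
    'site-63' => ['userid' => 63, 'admin' => false],
];

foreach ([
    ['Administrator',       'Super Administrator'],
    ['Administrator',       'Administrator'],
    ['Administrator',       'Manager'],
    ['Super Administrator', 'Super Administrator'],
] as [$actor, $target]) {
    printf("%-19s assigning %-19s : %s\n", $actor, $target,
        canAssignGroup($actor, $target) ? 'allowed' : 'refused');
}

// Second backend login of user 62: only their other backend session is purged.
print_r(array_keys(purgeOtherAdminSessions($sessions, 62, 'adm-new')));

// Access level of user 62 changed: all of their sessions are dropped.
print_r(array_keys(killSessionsForUser($sessions, 62)));
```

The check in `canAssignGroup` is made against the acting user's group as known on the server, so a tampered group id in the form cannot be used by an Administrator to create a Super Administrator. `purgeOtherAdminSessions` filters on the `admin` flag so that enforcing one backend session per account does not log the same person out of the site frontend, the regression that the 03-June-2006 entry records; `killSessionsForUser` deliberately ignores that flag, since a change of access level must end every session the account holds.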
--
04-June-2006 Rey Gigataras
 # Fixed [artf4878] : illegal dates in MySQL tables
 # Fixed : missing content cache clearing calls

03-June-2006 Rey Gigataras
 # Fixed [artf4864] : /includes/frontend.php
 # Fixed [topic,66138] : Invalid Session at Admin login
 # Fixed [topic,66044] : Installation checks
 # Fixed [topic,66276] : admin password = "0"
 # Fixed : No ability to set Cache time for Syndication modules
 # Fixed : `Remember Expired Admin page` functionality changed from 600 seconds to half the `Admin Session Lifetime` value
 # Fixed : Admin session purge (to limit only one active session per account) deleting frontend logged in session

03-June-2006 Robin Muilwijk
 # Fixed [topic,66360] : Fatal error com_contact/contact.php

01-June-2006 Rey Gigataras
 # Fixed : New Global Config params (added in 1.0.9) not created on clean install

31-May-2006 Rey Gigataras
 # SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend Login
 # SECURITY A2 [ Low Level ]: New `Global Config` param to allow disabling of Frontend User params
 # Fixed [artf4844] : initial setup failure on IIS when installed in subdirectory
 # Fixed [topic,65009] : "Email to Friend" Can Send Unusable URLs
 # Fixed [topic,65604] : Notices when adding static content
 # Fixed [topic,65485] : Bug with menu item selector
 # Fixed : DB error when attempting a checkin action after cancelling from creating a New item
30-May-2006 Rey Gigataras
 # Fixed [topic,65381] : Override Created Date
 # Fixed [artf4830] : top menu items reversed in madeyourweb template

29-May-2006 Rey Gigataras
 # SECURITY A2 [ Low Level ]: [artf4752] : caching makes modules assigned to special user visible to registered users
 # Fixed [artf4812] : In footer.php (C) should be ©
 # Fixed [artf4806] : typo in mambots/search/contacts.searchbot.php causes sef errors
 # Fixed [artf4752] : patTemplate strip comments problems
 # Fixed [artf4752] : rss.php unnecessary logic code check
 # Fixed [topic,64994] : problem with related items
 # Fixed [topic,64046] : adding new content Frontend fails with Authorization Error

27-May-2006 Rey Gigataras
 # Fixed [topic,64308] : cache and content items on frontpage
 # Fixed [topic,63824] : Notice on com_contact
 # Fixed [artf4801] : inputFilter::filterTags prints unexpected text

23-May-2006 Rey Gigataras
 # Fixed [topic,63674] : MySQL 5 strict mode in Admin Backend

22-May-2006 Rey Gigataras
 # PERFORMANCE [topic,63468] : slow auto-login because of new MD5 calculations on whole users DB
 # Fixed [topic,63446] : Category and Section

21-May-2006 Rey Gigataras
 # Fixed [artf4714] : Can't add Menu Item :: Link - Static Content
 # Fixed : "Unique Itemid" handling for `Link - Content Item`
 # Fixed : Add "Unique Itemid" handling for `Link - Static Content`
 # Fixed [topic,62056] : Copyright date

20-May-2006 Rey Gigataras
 # Fixed [artf4733] : Module Manager reorder via save button broken
 # Fixed [artf4736] : Quotation marks in Site Name
 # Fixed [topic,63257] : Notice when creating new category

18-May-2006 Rey Gigataras
 # Fixed [artf4700] : pathway ampReplaces item name twice
 # Fixed [artf4712] : 'type' of $mosConfig_error_reporting does not match code
 + Remember Expired Admin page functionality

17-May-2006 Rey Gigataras
 # Fixed [artf4673] : setlocale
 # Fixed [artf4685] : unhandled fragment identifier with core SEF enabled
 # Fixed [artf4678] : Print, PDF and email buttons aren't accessible
 # Fixed [topic,62124] : Hover for icons when editing content in front-end
 # Fixed [topic,62165] : Cannot login - admin_session_life not set

15-May-2006 Rey Gigataras
 # Fixed [topic,61926] : Frontend static language text
 # Fixed [topic,61971] : E-mail cloaking broken, TinyMCE `mce_href` problem
 # Fixed : Frontend Content editing does not display correct publishing date/time
 # Fixed : Frontend Content editing incorrect handling of 'Never' in `Finish Publishing`
 # Fixed : Incorrect date/time values on `Content Items Manager` and `Static Content Manager` pages

14-May-2006 Rey Gigataras
 * SECURITY A2 [ Low Level ]: add ability to selectively disable certain types of syndicated feeds
 ^ Upgrade to TinyMCE 2.0.6.1
 # Fixed [topic,61897] : Changing any parameter for logged user returns to login screen

13-May-2006 Rey Gigataras
 * SECURITY A1 [ Low Level ]: [artf4529] : User with access to administration area can easily create super administrator.
 # Fixed [artf4555] : Slight Bug in registration system
 # Fixed [artf4641] : Module sites with one template - modules should not show up - itemid issue
 # Fixed : `Itemid=99999999` appearing in next & prev navigation links
 # Fixed : `Itemid=` appearing in `Blog` links items
13-May-2006 Andrew Eddie
 # Fixed [artf3302] : PatTemplate custom Functions getpage() undefined

12-May-2006 Louis Landry
 # Fixed [artf4284] : database::load() resets private properties

12-May-2006 Rey Gigataras
 # Fixed [topic,60970] : Finish Publishing Time not working as expected

11-May-2006 Rey Gigataras
 # Fixed [artf4614] : Warning in mosCreateGUID
 # Fixed [artf4619] : task=category shows unpublished items
 # Fixed [artf4621] : Media manager with long filenames = no button
 # Fixed [artf4613] : Sub Menu Item deletion Security Bug
 # Fixed [artf4613] : Restoring menu items without a valid parent
 # Fixed [topic,59258] : bug when editing user profile
 # Fixed [topic,61190] : Menu Item Inconsistency

10-May-2006 Sam Moffatt
 # Fixed issue with login directly after activation causing error, now redirects to index.php

09-May-2006 Rey Gigataras
 # Fixed [artf4577] : saveUser in com_user has incorrect escaping for password

28-Apr-2006 Alex Kempkens
 # Fixed artf : Language loading incorrect in offline mode (related to Joom!Fish language changes)

27-Apr-2006 Rey Gigataras
 + Support for restricting ability to access certain functionality for demo sites
 # Fixed [artf4527] : incorrect style in function botNoEditorEditorArea
 # Fixed [topic,57926] : mod_poll.php Warning

26-Apr-2006 Rey Gigataras
 # Fixed [artf3912] : Pear's cache lite and safe_mode
 # Fixed [artf3711] : mosemailcloak generates invalid XHTML
 # Fixed [artf3251] : Wrong file count in Media Manager
 # Fixed [artf3196] : com_media does not properly manage file names with simple quotes (')

25-Apr-2006 Rey Gigataras
 ^ PERFORMANCE [topic,54215] : MOSimage array affects edit page load time

24-Apr-2006 Rey Gigataras
 * SECURITY A3 [ Low Level ]: logged-in user sessions are not affected by changes to the user account
 # Fixed [artf4503] : Hardcoded text in page navigation
 # Fixed [artf4473] : Bad char in search
 # Fixed [artf4499] : Editing Quoted Menu Item
 # Fixed [artf4472] : Creating New User system message only sends to superusers
 # Fixed : Unable to 'Delete' `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists
 # Fixed : Unable to 'change' group of `Administrator` & `Super Administrator` - with check to ensure at least one active `Super Administrator` still exists
20-Apr-2006 Rey Gigataras
 * SECURITY A3 [ Low Level ]: Allow only one session per user account in Admin Backend
 + Allow `save` and `apply` actions to be completed before logging out expired sessions

20-Apr-2006 Andrew Eddie
 # Fixed slow query in com_polls
 # Fixed return address errors in patErrorManager
 # Fixed MySQL 5 error when saving menu items

18-Apr-2006 Rey Gigataras
 + Javascript validation checks to mod_poll

16-Apr-2006 Rey Gigataras
 # Fixed [artf4424] : gethostbyaddr(): Address is not a valid IPv4 or IPv6 address
 # Fixed [artf4407] : Image preview doesn't work with custom directory
 # Fixed [topic,54741] : Who's Online guest count increments with RSS feed access

14-Apr-2006 Rey Gigataras
 # Fixed [artf4400] : Search: Itemid in mod_search also finds trashed Itemid's
 # Fixed [artf4399] : Search title in com_search is never from language file

12-Apr-2006 Rey Gigataras
 # Fixed [artf4346] : $mainframe->login($username,$pwd) compatibility broken
 # Fixed : `body` parameter for mailto tags

11-Apr-2006 Rey Gigataras
 # Fixed [artf4340] : Itemid on menu - multiple links to same content
 # Fixed : cache support for `Blog - Content Section Archive` & `Blog - Content Category Archive`
 # Fixed : SEF.php incorrect handling of `mailto` & `javascript` links
 # Fixed : $shownoauth default value in `configuration.php-dist`
 # Fixed : `live_bookmarks` not being disabled properly by security check
 # Fixed : admin `contact` and `weblink` ordering

08-Apr-2006 Rey Gigataras
 # Fixed [topic,45136.0] : stop Cache system from creating large amount of Cache files
 # Fixed [artf4302] : 'Read more' link is always displayed if 'Linked Titles' option enabled
 # Fixed [artf4304] : Bugs in search.html.php
 # Fixed : Content Popup page behaviour

07-Apr-2006 Rey Gigataras
 # Fixed [artf4294] : InputFilter failed escaping string
 # Fixed [artf4050] : mod_mainmenu.php not setting id=active_menu

06-Apr-2006 Rey Gigataras
 * SECURITY A2 [ Low Level ]: check for menu item added to 'Edit Your Details' page
 * SECURITY A2 [ Low Level ]: check for menu item added to 'Check-In My Items' page
 * SECURITY A2 [ Low Level ]: check for menu item added to 'Submit News' page
 * SECURITY A2 [ Low Level ]: check for menu item added to 'Submit Weblink' page
 # Fixed [artf4282] : Extra Empty Menu Span Tags

05-Apr-2006 Rey Gigataras
 # Fixed [artf4010] : When creating new module, two modules are created when clicking save

02-Apr-2006 Rey Gigataras
 # Fixed [artf3575] : Correction needed in stylesheet
 # Fixed [artf4089] : Problem with domit, extended characters and PHP 5.0.2

01-Apr-2006 Rey Gigataras
 # Fixed [topic,50547.0.html] : Print statement left in class.inputfilter.php
 # Fixed [topic,48908.0.html] : Duplicate usernames / Length Checking

31-Mar-2006 Rey Gigataras
 # Fixed [topic,46614.0.html] : mod_templatechooser not working when template name has dashes

30-Mar-2006 Rey Gigataras
 * SECURITY A1 [ Low Level ]: [artf3702] : breadcrumbs: information gathering possible by simple URL hacks
 # Fixed [topic,47932.0.html] : 1.0.8 com_contact - incorrect URL?
 ^ Upgrade to Geshi 1.0.7.8

29-Mar-2006 Rey Gigataras
 # Fixed [artf4133] : Blog - Content Section Archive
 # Fixed [artf4093] : No parameter tool tip when ' is used in module.xml
 # Fixed [artf4028] : url to the site is added to the entered link in a menu item (SEF disabled)
 # Fixed [artf4102] : mosimage.php - Erroneous right alignment of images
 # Fixed [artf4131] : com_contact displays non-localized message
 ^ Upgrade to TinyMCE 2.0.5.1
 ^ Upgrade to TinyMCE compressor 1.0.8
 ^ TinyMCE remove `Help` tab in help popup
 ^ TinyMCE 'word wrap' by default for html source mode

27-Mar-2006 Alex Kempkens
 # corrected searchbot; finding dynamic content while searching for static
 # updated core-SEF support for new multilingual_content config var

24-Mar-2006 Alex Kempkens
 + Check for mambot/system directory in installer and installation dialogs
 # [artf4066] content sections not being translated

16-Mar-2006 Rey Gigataras
 # Fixed [artf3913] : [artf3809]: Error with < AND > in tinymce - static content manager
 # Fixed : checked out lock icon visible for same user
 # Fixed : Global Config JS error when no session_type value yet set - issue only when upgrading
 # Fixed [topic,44206.0.html] : XML help files no longer supported

15-Mar-2006 Rey Gigataras
 # Fixed [artf3927] : Typo in Installer Screen
 # Fixed [artf3940] : single quotes/apostrophes (')
 # Fixed [topic,46202.0.html] : Problem found in Session id function

13-Mar-2006 Rey Gigataras
 ^ PERFORMANCE : com_content only add call to jos_content_rating where voting option activated

12-Mar-2006 Rey Gigataras
 # Fixed [topic,44117.0.html] : com_menumanager can not handle simple quotes (')
 # Fixed [topic,34821.0.html] : Allow search on static contents not linked to a menu
 ^ PERFORMANCE : com_statistics `Search Engine Text` page, results returned off by default as highly query intensive and can cause site lockup
 ^ `Page Hits` into `Content` sub-menu
11-Mar-2006 Alex Kempkens
 # Fixed some queries missing primary key for translations (contact, newsfeed)

11-Mar-2006 Rey Gigataras
 # Fixed [artf3873] : Invalid Itemid for com_content Category Link
 # Fixed [topic,45343.0.html] : Random image default behavior
 + PERFORMANCE : Auto purge of expired messages for com_messages [default of 7 days]

10-Mar-2006 Rey Gigataras
 # Fixed [artf3885] : Remove the last hardcoded texts
 # Fixed [artf3713] : Joomla still doesn't work with SQL mode enabled
 ^ Ensure showPathway is only called once

09-Mar-2006 Rey Gigataras
 # Fixed [artf3863] : mod_whosonline double ONLINE
 # Fixed [topic,44644.0.html] : Misspelled Position as Postition
 # Fixed [topic,41593.0.html] : Table - content section - filter works only for the first page

08-Mar-2006 Rey Gigataras
 # Fixed [artf3847] : A mistake in joomla_admin template
 # Fixed [artf3748] : Archive - Access Denied
 # Fixed [artf3592] : Archive Pagination Problem
 # Fixed [topic,41627.0.html] : "Undefined variable: filter"
 # Fixed [topic,43315.0.html] : Static text in content.php
 # Fixed [topic,41466.0.html] : NullDate AND '0000-00-00 00:00:00'
 ^ Global define of _CURRENT_SERVER_TIME
 ^ sef.php optimization

07-Mar-2006 Rey Gigataras
 + Show whether Cache directory is writable where it is used - com_newsfeeds, com_syndicate, custom modules
 # Fixed [artf3818] : Path error for agent_browser.php in joomla.php
 # Fixed : ensure all require and include calls are using absolute paths

06-Mar-2006 Rey Gigataras
 # Fixed [artf3756] : mossef bot rewrites javascript:void(0) in href
 # Fixed [artf3745] : includes/joomla.php on line 790 setSessionGarbageClean
 # Fixed [topic,41619.0.html] : mosimage caption problem
 # Fixed [topic,42023.0.html] : sample data error with Link - Static Content CID value

02-Mar-2006 Rey Gigataras
 # Fixed [artf3728] : Error if change the "Syndicate" name in db table "jos_components"
 # Fixed [artf3731] : mod_newsflash shows errors when no items are available
 # Fixed [artf3733] : Site (frontend): url to the site is added to the entered link in a content item
 # Fixed [artf3696] : Typo Site Mambot: Edit [ TinyMCE WYSIWYG Editor ]
 # Fixed [artf3658] : "New" Content Link/Image Showing With No Categories Present
 # Fixed [artf3697] : sefreltoabs error with links to other sites

01-Mar-2006 Rey Gigataras
 * SECURITY A1 [ Low Level ]: Harden mosmsg
 # Fixed [artf3656] : contact-component, dropdown

28-Feb-2006 Rey Gigataras
 # Fixed [artf3655] : Login module error
 # Fixed [artf3668] : mosemailcloak bug with mailto:
 # Fixed [artf3681] : invalid markup in com_content showCategories()
 # Fixed [artf3688] : Hardcoded text in contact.html.php
 # Fixed [artf3664] : Image links get preceded by "Live Site" URL after v1.0.8 upgrade
 # Fixed [artf3703] : configuration.php-dist has a typo
 # Fixed [topic,41404.0.html] : configuration.php-dist missing `;`

---------------- 1.0.8 Stable Released -- [25-Feb-2006 04:00 UTC] ------------------