Joomla! 1.0.9 out now!!
Monday, 05 June 2006

Security Fixes

Joomla! 1.0.9 contains twelve (12) fixes for low-level security vulnerabilities.

Low Level Threat Fixes

A1 Unvalidated Input
  •  A1 - Harden mosmsg

  •  A1 - Hardening of backend `User Manager` to stop 'Administrators' from being able to create
    'Super Administrator' users
 
A2 Broken Access Control
  • A2 - Breadcrumbs title visibility even when access restricted

  • A2 - 'Edit Your Details' page now needs a published menu item to be accessible

  • A2 - 'Check-In My Items' page now needs a published menu item to be accessible

  • A2 - 'Submit News' page now needs a published menu item to be accessible

  • A2 - 'Submit Weblink' page now needs a published menu item to be accessible

  • A2 - Add ability to selectively disable certain types of syndicated feeds

  • A2 - Ensure module caching does not inadvertently make special level modules visible
    to registered users

  • A2 - Add ability to totally disable access to frontend login page

  • A2 - Add ability to disable frontend user params
 
A3 Broken Authentication and Session Management
  •  A3 - Changes to access level of user account will kill any active session for that user
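
The A3 fix above, sketched as an added example that is not Joomla!'s own code: a session store that drops every active session for a user when that user's access level changes. The `SessionStore` and `UserDirectory` classes, their methods, and the user id and level names used as sample data are hypothetical.

```php
<?php
// Added illustration; class and method names are hypothetical, not Joomla! APIs.

final class SessionStore
{
    /** @var array<string, array{userId:int, level:string}> session id => cached identity */
    private array $sessions = [];

    public function start(int $userId, string $level): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = ['userId' => $userId, 'level' => $level];
        return $sid;
    }

    public function get(string $sid): ?array
    {
        return $this->sessions[$sid] ?? null;
    }

    /** Remove every session owned by $userId; returns how many were killed. */
    public function destroyForUser(int $userId): int
    {
        $before = count($this->sessions);
        $this->sessions = array_filter(
            $this->sessions,
            fn(array $s): bool => $s['userId'] !== $userId
        );
        return $before - count($this->sessions);
    }
}

final class UserDirectory
{
    /** @var array<int, string> user id => current access level */
    private array $levels = [];

    public function __construct(private SessionStore $store) {}

    public function setLevel(int $userId, string $newLevel): int
    {
        $old = $this->levels[$userId] ?? null;
        $this->levels[$userId] = $newLevel;
        // A session caches the level it was created with, so any change
        // (promotion or demotion) must invalidate it and force a fresh login.
        return ($old !== null && $old !== $newLevel)
            ? $this->store->destroyForUser($userId)
            : 0;
    }
}

// Constructed sample data: one user logged in from two browsers, then demoted.
$store = new SessionStore();
$users = new UserDirectory($store);
$users->setLevel(62, 'Administrator');
$first  = $store->start(62, 'Administrator');
$second = $store->start(62, 'Administrator');
$killed = $users->setLevel(62, 'Registered');
var_dump($killed, $store->get($first), $store->get($second));
```

Without the `destroyForUser()` call, both sessions would keep acting with the cached 'Administrator' level until they expired on their own.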

OWASP Vulnerability Categorization

Since 1.0.8, Joomla! has started adopting the Open Web Application Security Project (OWASP) Top Ten Vulnerability categorization system, to standardize the categorization of security vulnerability reports. 

OWASP Top Ten list here



 