Joomla! 1.0.4

Joomla! 1.0.4 [ Sundial ] is now available on the forge for download here. This is a Security Release, which means it contains fixes for six Security Vulnerabilities.
We highly recommend that you upgrade to this version.

1.0.4 is available as a Full Package, which contains all Joomla! files, and as a Patch Package, which contains only the files changed by the security work.

1.0.4 Changelog
1.0.4 Version Information

Security Vulnerabilities

1.0.4 contains fixes for 6 Security Vulnerabilities.

Critical Level Threats

  • Potential XSS injection through GET and other variables
    - Affects all previous versions of Joomla! and Mambo 4.5.2.3
  • Hardened SEF against XSS injection
    - Affects all previous versions of Joomla! and Mambo 4.5.2.3

Low Level Threats

  • Potential SQL injection in Polls modules through the Itemid variable
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Potential SQL injection in several methods in mosDBTable class
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Potential misuse of Media component file management functions
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series

Upgrade Instructions

  • To update from Joomla! 1.0.3, simply overwrite your existing files with the files from the 1.0.3 to 1.0.4 Patch Package
  • To update from Joomla! 1.0.2, simply overwrite your existing files with the files from the 1.0.2 to 1.0.4 Patch Package
  • To update from Joomla! 1.0.1, simply overwrite your existing files with the files from the 1.0.1 to 1.0.4 Patch Package
  • To update from Joomla! 1.0.0, simply overwrite your existing files with the files from the 1.0.0 to 1.0.4 Patch Package

Conversion Instructions

For those converting from Mambo 4.5.2.x, please read these Migration instructions. You need to download the Joomla 1.0.4 Full Package.

Thank you to the community for their continued assistance in helping us make Joomla 1.0.x more stable.

Rey Gigataras [stingrey]
Joomla! Software Coding and Design
Stability Team Leader