Security Release - Joomla! 1.0.14
February 11, 2008
Alongside today’s release of the patch for their new version (1.5.1), Joomla has also released a security patch for their 1.0.13 product. Anyone on Joomla 1.0.13 or earlier should upgrade to the latest release to avoid any problems.
Joomla security release 1.0.14 addresses some serious security vulnerabilities. As with most of their upgrades, they recommend that you test on a backup copy of your site and then upgrade your live site as soon as your testing is completed.
Security Fixes
- SECURITY [LOW] Fixed XSS issue in Search Component.
- SECURITY [LOW] Fixed XSS issue in Search results pages.
- SECURITY [LOW] Disallowed users from adding extra wildcard filters in search strings.
- SECURITY [LOW] Fixed multiple typos in back end Content Component making array integer check ineffective.
- SECURITY [LOW] Fixed case-sensitive flaw in Input Filter.
- SECURITY [HIGH] Fixed CSRF issue allowing portal compromise - Administrator components.
Other Significant Fixes
- Administrator logout problem.
- Fixed bug in Search Component where small words were not properly filtered out.
- Improved efficiency of regular expressions in Search Component (thus reducing CPU resources when called).
- Added “Preview” link to Administrator template (to match 1.5).
- Fixed bug in pagination links (extra space was being added to the link).
- Various core API fixes.
For detailed release information, patch files, and upgrade instructions, please visit Joomla’s website.





