SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for joomla4-4.1.0-2.18.noarch.rpm :

* Mon Mar 21 2022 Lars Vogdt - adjust apparmor profile and dependency to current PHP version supported by Joomla 4.x- try to enable mod_php depending on openSUSE/SLE version installed
* Thu Mar 17 2022 Adrian Schröter - split away from main package for version 4.1.0 Be sure to have updated to latest version 3, before updating to version 4: https://docs.joomla.org/Joomla_3.x_to_4.x_Step_by_Step_Migration
* Mon Jul 19 2021 Lars Vogdt - Update to 3.9.28 Security Issues Fixed
* Low Severity - Low Impact - XSS in JForm Rules field
* Low Severity - Low Impact - DoS through usergroup table manipulation
* Low Severity - Moderate Impact - Lack of enforced session termination
* Low Severity - High Impact - Privilege escalation through com_installer
* Low Severity - Moderate Impact - XSS in com_media imagelist Bug fixes and Improvements
* Update CA certificates #34693
* Smart Search: Fix inserting tokens to DB #34497
* Fix search suggestions for mixed-case searches #33942
* Wed Jun 02 2021 Lars Vogdt - Update to 3.9.27 Security Issues Fixed
* Low Severity - Low Impact - Adding HTML to the executable block list of MediaHelper::canUpload
* Low Severity - Low Impact - CSRF in AJAX reordering endpoint
* Low Severity - Low Impact - CSRF in data download endpoints Bug fixes and Improvements
* Disable FLoC by default #33212
* Postgres compatibility fixes for smart search #31809
* Allow objects stored in tables as json #33633
* Improve indexing performance of Smart Search #33720
* Addional PHP 8 improvment #33113
* Sun Apr 18 2021 Adrian Schröter - Update to 3.9.26 Security Issues Fixed
* Low Severity - Low Impact - Escape xss in logo parameter error pages
* Low Severity - Low Impact - Inadequate filters on module layout settings Bug fixes and Improvements
* Fix caching issues after rebuilding update sites #33040
* Allow to configure load balancer/reverse proxy setting #32866
* Fix loosing extra query parameter for update sites #32862
* MySQL and MariaDB compatibility fixes #32605
* Fix frontend create article permission #32470
* Update CodeMirror to 5.60.0 #32926
* Addional PHP 8 improvment #32767
* Wed Mar 03 2021 Lars Vogdt - Update to 3.9.25 Security Issues Fixed (CVE-2021-23126, CVE-2021-23127, CVE-2021-23128, CVE-2021-23129, CVE-2021-23130, CVE-2021-23132, CVE-2021-26027, CVE-2021-26029) + Insecure randomness within 2FA secret generation + Potential Insecure FOFEncryptRandval + XSS within alert messages showed to users + XSS within the feed parser library + Input validation within the template manager + com_media allowed paths that are not intended for image uploads + ACL violation within com_content frontend editing + Path Traversal within joomla/archive zip class + Inadequate filtering of form contents could allow to overwrite the author field Bug fixes and Improvements + Fix Save as Copy tag #32454 + Fix published attribute for Tag field #32332 + Fix batch menu items #32380 + Stream transport should enable verify_peer_name when possible #16501 + Optimize the code for rename incorrectly cased files on update #32176 + Addional PHP 8 improvments #31977 #32374
* Wed Feb 24 2021 Adrian Schröter - update to 3.9.24 Security Issues Fixed (CVE-2021-23123, CVE-2021-23124 and CVE-2021-23125)
* Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) More information »
* Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) More information »
* Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) More information » Bug fixes and Improvements
* Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
* Solved performance issue with zip archives containing zip files #31514
* Removes deprecate feature-policy and adds the new Permissions Policy #30819
* Update joomla/image dependency #31663
* Fixed regression SMTP Settings Test #31724
* Fixed regression to save empty passwords in global configuration #31672
* Wed Dec 09 2020 Arjen de Korte - Update source download link and remove _service file (run \'osc service runall download_files\' to download- Use correct version number- Use system apache rpm macros
* Mon Nov 30 2020 larsAATTlinux-schulserver.de - 3.9.23- Update to 3.9.23 Security Issues Fixed + Low Priority - High Impact - com_finder ignores access levels on autosuggest + Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page + Low Priority - Moderate Impact - Path traversal in mod_random_image + Low Priority - High Impact - SQL injection in com_users list view + Low Priority - Low Impact - User Enumeration in backend login + Low Priority - Low Impact - CSRF in com_privacy emailexport feature + Low Priority - High Impact - Write ACL violation in multiple core views Bug fixes and Improvements In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility (see #31246, #30608, #30582, #29353, #30922, #31444, #31434, #31442, #31445). + TinyMCE updated #30329 + Fix for frontend module editing permissions #30778 + Fix for the lost of transparency when cropping/resizing images #30977 + Validation rule added for the redirect header field #31016
* Thu Oct 15 2020 larsAATTlinux-schulserver.de - 3.9.22- Update to 3.9.22 Bug fixes and Improvements + Contact component: Fix for the category filter results #30413 + Page Break: Fix for the page break title when the title attribute is after the class #30519 + Privacy Request: Fix the token check when removing data via a privacy removal request #30479 + Multilanguage: Display an error when the URL language code is saved as empty #30496 + Multilanguage: Force lowercase for url language code #30485
  
ICM