Joomla 3.8.8 is now available. This is a security release which addresses 9 security vulnerabilities, contains over 50 bug fixes, and includes various security related improvements.
Bear Web Design Clients are having this upgrade applied to their accounts today!
Joomla 3.8.8 addresses 9 security vulnerabilities / hardenings and several bugs, including:
Security Issues Fixed
- Low Priority - Core - ACL violation in access levels (affecting Joomla 2.5.0 through 3.8.7) More information »
- Low Priority - Core - Add phar files to the upload blacklist (affecting Joomla 2.5.0 through 3.8.7) More information »
- Moderate Priority - Core - Information Disclosure about unpublished tags (affecting Joomla 3.1.0 through 3.8.7) More information »
- Low Priority - Core - Installer leaks plain text password to local user (affecting Joomla 3.0.0 through 3.8.7) More information »
- Moderate Priority - Core - XSS Vulnerabilities & additional hardening (affecting Joomla 3.0.0 through 3.8.7) More information »
- Low Priority - Core - Filter field in com_fields allows remote code execution (affecting Joomla 3.7.0 through 3.8.7) More information »
- Low Priority - Core - Session deletion race condition (affecting Joomla 3.0.0 through 3.8.7) More information »
- Low Priority - Core - Possible XSS attack in the redirect method (affecting Joomla 3.2.1 through 3.8.7) More information »
- Low Priority - Core - XSS vulnerability in the media manager (affecting Joomla 1.5.0 through 3.8.7) More information »
Bug fixes and Improvements
- Miscellaneous accessibility improvements for the Backend
- Updated CodeMirror to 5.37 and various improvements #20269 #19833 #12542
- Improved handling of numeric user group names #20091
- [com_content] Filter by no author #20245
- Added support for PHP 7.3’s
is_countablefunction #20441 - Sending passwords by email disabled by default for new installs #20247
0 Comments