The Joomla 1.6.1 security release has been published. According to the Mambolearn team, this release fixes 12 security issues in Joomla 1.6. A further 210 reported issues were also fixed.
The development team's goal is to publish regular Joomla releases for the open-source community. The issues fixed in this release are listed below:
Security
* Moderate Priority - Core - SQL Injection / Internal Path Disclosure.
* Moderate Priority - Core - Path Disclosure.
* Moderate Priority - Core - XSS Vulnerabilities.
* Moderate Priority - Core - XSS Vulnerabilities.
* Low Priority - Core - Information Disclosure.
* Moderate Priority - Core - Redirect Vulnerabilities.
* Moderate Priority - Core - Information Disclosure.
* Low Priority - Core - Unauthorised Access.
* Moderate Priority - Core - CSRF Vulnerabilities.
* Moderate Priority - Core - DOS Vulnerabilities.
* Moderate Priority - Core - XSS Vulnerabilities.
* Moderate Priority - Core - CSRF Vulnerabilities.
Issues Fixed
* ACL - group perms list should be expand/collapsible at will
* ACL - new user group assignment doesn't work
* ACL - A registered user can change their user name
* ACL - No save icon in article editor for new article with category level permission
* ACL - Users with create permission in a category cannot see the image button below the editor
* Administration - Fix background color in high contrast batch fieldsets
* Administration - Refresh Cache in Extension Manager: Failed loading XML file
* Administration - Inconsistent term for User Group
* Administration - Multiple groups are a problem in the user manager
* Administration - Improve the cpanel of admin templates + correcting some errors
* Administration - Language fixes and new warnings for com_installer
* Administration - Templates filter searches all extensions
* Administration - Improve the Directory Permissions in com_admin
* Administration - 3rd party components install in location "site" instead of "administrator"
* Administration - *PHP warning in extension manager
* Administration - Missing messages for some menu item types having no Basic Options
* Administration - Problems with aliases when there is a menu alias menu type
* Administration - Alternative Layout Not Implemented in com_search, com_users
* Authentication & Login - *Issue in back-end login module with Languages not installed in db but present in the admin language folder
* Authentication & Login - *Multilanguage on and site offline: login front-end gets in a loop
* Authentication & Login - Login form does not use https
* Code Style - PHP Strict Standards Message, Category Blog
* Code Style - CRLF instead of LF in some files
* Code Style - Systematic elimination of DS as directory separator - Round 2
* Code Style - Wrong class in category list mode
* Components - Unescaped value should be filtered.
* Components - Getting 500 errors editing from category blog on front end with default sef on
* Components - SQL Injection can result in information disclosure
* Components - com_contact, wrong string is used in config.xml (COM_CONTACT_FIELD_PROFILE_SHOW_LABEL used twice)
* Components - com_contact view contact links
* Components - com_newsfeeds doesn't set default view in frontend
* Components - com_mailto Spam Email Relay
* Components - SQL error in com_contact if id not set
* Components - Strict standards: Declaration of WeblinksModelCategory::getItems() should be compatible with that of JModelList::getItems() in
* Components - Inconsistency in the Add new newsfeed screen
* Components - Missing tooltip in Web Links Manager
* Components - *menu items metadata not implemented
* Components - Link Author option lacks in Archived Articles menu item
* Components - com_menu not looking for component xml file
* Components - Details of the components are in different orderings
* Components - duplicate case in switch in ~/components/com_users/controller.php
* Components - *Weblinks icon hardcoded
* Components - *Contacts Category model tries to load params from menu even if no Itemid is set
* Components - Clicks on a custom banner are not counted
* Components - *Banners unique alias
* Components - *Search lower and upper limit do not take into account localise.php settings
* Components - *Accommodating for longer string value in Banners Edit page
* Components - com_categories doesn't properly update paths of children categories when moved to a new parent
* Components - Redirect component does not list 404 errors for missing child page when parent page does exist (patch supplied)
* Components - Get error after save options for component
* Components - duplicate code weblink .php
* Components - *Category Save as Copy does not save with different title/alias
* Components - *modal_contacts field type problems
* Components - Joomla displaying error after uploading an image using Media Manager and the path does not stay where it is after the upload
* Components - Double category strings in URLs
* Components - A banner with limited impressions will never show
* Components - Multiselect not implemented in all views
* Components - Can't display teaser text in full article view.
* Components - Extra markup in some component views
* Components - extra closing div in \components\com_weblinks\views\form\tmpl\edit.php
* Database - Issue with MySQL compatibility in joomla.sql with params fields
* Database - in sql file bug
* Forms - Contact form typo - duplicate tag <label> for Email and Message
* Forms - JHtml select.radiolist produces unnecessary label class suffix
* Forms - The "Ordering" form field type defaults to "0", causing accidental changes to ordering of plugins, modules, banners, etc (with patch)
* Front End - Cannot edit a weblink from the frontend
* Front End - Wrong description language code for email1 field
* Front End - *Submitting two articles in the same category with the same title but different aliases doesn't work on frontend
* Installation - Sample data - Wrapper module issue
* Installation - Installation IE fixes
* Installation - J!1.6 lacks a remove installation folder screen
* Installation - com_installer Admin XSS
* Installation - Sample data links
* Installation - Javascript error in installation
* Installation - Internationalisation of sample data options list
* Installation - *Localise xml default language is not highlighted in the drop down
* Installation - *Languages not installed in db but present in the language folders in joomla issue
* Installation - Enabling debug language mode in installation application
* Installation - Add a button to the installation to remove the installation folder
* Installation - Improve installation.js
* Installation - bug: old extension version reported from cache after automatic extension update**
* Installation - Plugins installed via discover are enabled
* Installation - Sample Data Typo
* Javascript - Error parameters formatted in tinymce
* Javascript - None of the JS files have been compressed.
* Javascript - Don't use the $() function in JavaScript.
* Javascript - Make some scripts compatible with Mootools 1.3
* Joomla! Libraries - Some article code can send JFilterInput into an endless loop
* Joomla! Libraries - Fatal error: Cannot use object of type stdClass as array in ../libraries/joomla/updater/updater.php on line 108
* Joomla! Libraries - response headers show wrong joomla version
* Joomla! Libraries - Manifest data is not being serialized as JSON during install and discovery install.
* Joomla! Libraries - Joomla! Web Application Framework library is uninstallable
* Joomla! Libraries - Library JURI has an optional parameter: it should be mandatory
* Joomla! Libraries - Unused JDate code causing "Catchable fatal error"
* Joomla! Libraries - JController class lacks a unregisterTask method
* Joomla! Libraries - Abort during install of component and module fail due to rollback methods being protected instead of public.
* Joomla! Libraries - typo in databasequery.php - udpate
* Joomla! Libraries - Add support for defer/async to JDocument
* Languages - Hathor status module jtext plurals
* Languages - Missing Language string Cache Unwritable
* Languages - MODULES_ERR_XML incorrectly called
* Languages - Missing language string JLIB_INSTALLER_ABORT_PACK_INSTALLER_COPY_SETUP
* Languages - Incomplete language strings in Mass Mail
* Languages - missing translation for COM_WEBLINKS_DEFAULT_PAGE_TITLE
* Languages - Incorrect language definition in 'List Contacts in a Category' menu item type
* Languages - Incorrect tooltips in Articles Categories module
* Languages - Incorrect tooltip in Module Manager
* Languages - In Bluestork, longer labels are being cut off especially radio button labels
* Languages - *Extra language definitions for icon tooltips in Messages component
* Languages - *Incorrect error string after saving default menu item with set 'Default Page' radio button to 'no' value
* Languages - *No translation of options (plugin names) in ordering field of plugins
* Languages - Incorrect term in a tooltip in the Menu Items screen
* Languages - *Incorrect tooltip for the Enabled column in Plug-In Manager
* Languages - *Incorrect tooltip in News Feed Manager
* Languages - Inconsistency in the Link Author article option
* Languages - Contact language is ignored in frontend
* Languages - Untranslated strings TPL_BEEZ5_ISCLOSED and TPL_BEEZ5_LOGO
* Languages - Debug Language showing up
* Languages - The strings used for the display column in the module assignment slider are confusing
* Languages - Cannot Translate Option Values using JForm SQL Field Type**
* Layouts - Extra div element in Category List for unpublished articles
* Layouts - Missing class blog_children
* Layouts - Missing class default_children
* Modules - *Langswitcher module needed display improvement parameters
* Modules - New Window without navigation
* Modules - Backend mod_status private messages pluralisation
* Modules - mod_articles_category creates wrong html code
* Modules - Disabling modules on a page leaves error messages
* Modules - Empty tooltips in module edit screens
* Modules - Mod popular and latest article processing events in content plugins
* Modules - *Don't show empty divs in mod_login
* Modules - Module articles category - fatal error
* Modules - Articles Category Module Group by Author error
* Modules - Modules do not have Trashed state
* Modules - Module Banners: "All categories" option does not include all categories
* Modules - Incorrect ID attribute's value in backend menu
* Modules - Stripped code in contents and custom html module
* Modules - JNO/JYES instead JSHOW/JHIDE in mod_weblinks.xml
* Modules - Missing "parent" css class if menu is collapsed
* Modules - mod_articles_category generates a PHP warning when using language filter
* Modules - Fatal error in mod_articles_category when showing readmore
* Modules - *Duplicated module is published
* Plugins - Language switcher broken by #24210
* Plugins - *debug plugin does not display results if gzip is on
* Plugins - Update GeSHI to 1.0.8.9
* Plugins - If a system plugin tries to load its language file, Joomla! falls back to setting the default site language to English.
* Plugins - PATCH: Change pagination pagelist
* Plugins - plg_user_profile "Website" field XSS
* Plugins - *Detect browser lang and cookie broken when using languagefilter
* Plugins - *Redundant call to load language in tinymce causes lang load issue
* Plugins - [#24767] *Detect browser lang and cookie broken when using languagefilter
* Plugins - Improve the voting plugin
* Plugins - * Menu manager Multilanguage Deactivate Home
* Plugins - Alias URL does not work with Language filter plugin active - sef off
* Plugins - Plugin User-Profile Birthday field alpha entry crashes Profile Fields in Admin
* Plugins - Upgrade Geshi to 1.0.8.10
* Plugins - Upgrade Codemirror to Version 0.94
* Plugins - Codemirror update causes improper characters in template html/css editing
* RTL - *Implementing RTL pagination in beez
* RTL - *RTL/LTR issues in Beez2 and 5 (News feeds and debug)
* RTL - breadcrumbs doesn't look good on rtl templates
* RTL - upper right toolbar on rtl template isn't align well
* RTL - *Correcting icon message display in installation with rtl lang
* RTL - modifying Beez 20 to compatibility with RTL
* RTL - *modifying Beez5 to compatibility with RTL
* Search Engine Friendly - Transliteration does not work in Category Manager
* Search Engine Friendly - Send HTTP result code 503 for the offline page
* Search Engine Friendly - 404 errors when using pagebreak with sef enabled
* Search Engine Friendly - Remove com_search SEF encoding of search term
* Search Engine Friendly - Redirect is Not Working with SEF
* Search Engine Friendly - sef plugin results in a blank page for large content
* Templates - Missing image in Beez2 and Beez5
* Templates - /templates status indicator in backend
* Templates - Bluestork administrator template template.css typo
* Templates - In Users, Mass Mail Users, the tooltips are not being styled.
* Templates - beez template typo with position-15
* Templates - Unstyled dialog when clicking 'new' in module manager
* Templates - Error page styling forces error box to far left
* Templates - Screens jumps when using the ACL widget
* Templates - No rounded corners in Opera for Modal
* Templates - New preview screenshots required for the admin templates
* Templates - Removes references to non-existing stylesheet
* Templates - Image j_button2_right.png missing from system template
* Templates - Remove the border attribute
* Templates - Typo in media/media/css/popup-imagelist.css (wrong color value for background)
* Templates - *Debug position in beez 20 template doesn't work.
* Templates - JS error notices default template in IE7+8
* Templates - JS patch for Beez5 - IE issue hide.js
* Templates - Beez_20 and Beez 5 xml patch
* User Interface - * Adding a "Location" column in Language Manager
* User Interface - Administration templates renders JForm "checkboxes" incorrectly in config
* User Interface - Admin Trashed menu doesn't display - link error
* User Interface - Trashed articles - no indication of being trashed, when viewed at front of site
* User Interface - *Contact form in frontend does not display the star for required fields
* User Interface - Message label incorrect showed and inconsistency with comma after labels in Contact form
* User Interface - *Banners Tracks export modal needs more height
* User Interface - [patch] Enable editor-xtd buttons to have meaningful tooltips
* User Interface - *Accommodating longer strings in bluestork page title
* User Interface - Change "Templates Manager" to "Template Manage"
* User Interface - * Different Alias fields tooltips
* User Interface - *Normalise modals UI
* User Interface - JTRASH instead JTRASHED in jgrid.publishedOptions
* User Interface - Banner Manager: Banners - increase is needed for colspan of table's footer
* User Interface - There is no featured button in the tool bar, so no way to make multiple articles featured
* User Interface - Cannot allow a group to create in a single sub category
* User Interface - PNG images are not optimized
Statistics for the 1.6.1 release period:
* Joomla 1.6.1 contains:
  o 210 tracker issues fixed in SVN
  o 12 security issues fixed
