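Image source: official press release
Update summary
Joomla! 3.9.25 fixes 9 security issues and includes several bug fixes and improvements. The main fixes are listed below.
Security fixes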
- [20210301] Low Severity - Low Impact - Insecure randomness within 2FA secret generation (Affected versions: Joomla! 3.2.0 through 3.9.24)
- [20210302] Low Severity - Low Impact - Potential Insecure FOFEncryptRandval (Affected versions: Joomla! 3.2.0 through 3.9.24)
- [20210303] Low Severity - Moderate Impact - XSS within alert messages showed to users (Affected versions: Joomla! 2.5.0 through 3.9.24)
- [20210304] Low Severity - Moderate Impact - XSS within the feed parser library (Affected versions: Joomla! 2.5.0 through 3.9.24)
- [20210305] Low Severity - Low Impact - Input validation within the template manager (Affected versions: Joomla! 3.2.0 through 3.9.24)
- [20210306] Low Severity - Moderate Impact - com_media allowed paths that are not intended for image uploads (Affected versions: Joomla! 3.0.0 through 3.9.24)
- [20210307] Low Severity - Moderate Impact - ACL violation within com_content frontend editing (Affected versions: Joomla! 3.0.0 through 3.9.24)
- [20210308] Low Severity - Moderate Impact - Path Traversal within joomla/archive zip class (Affected versions: Joomla! 3.0.0 through 3.9.24)
- [20210309] Low Severity - Moderate Impact - Inadequate filtering of form contents could allow to overwrite the author field (Affected versions: Joomla! 1.6.0 through 3.9.24)
Bug fixes and improvements
- Fix Save as Copy tag #32454
- Fix published attribute for Tag field #32332
- Fix batch menu items #32380
- Stream transport should enable verify_peer_name when possible #16501
- Optimize the code for rename incorrectly cased files on update #32176
- Additional PHP 8 improvements #31977 #32374
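For the complete list of bug fixes, see this link (GitHub). Download the update files from the bottom of this article, or update your site with the "Joomla! Update" component in the administrator area. Remember to make your routine backup before updating.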