Upgrade to Joomla! 1.0.4

Joomla! 1.0.4 [ Sundial ] is now available on the forge for download here. This is a Security Release, which means it contains fixes for six Security Vulnerabilities. We highly recommend that you upgrade to this version.

1.0.4 is available as a Full Package, which contains all Joomla! files, and as a Patch Package, which contains only the files changed by the security work.

1.0.4 Changelog
1.0.4 Version Information

Security Vulnerabilities

1.0.4

Critical Level Threats

  • Potential XSS injection through GET and other variables
    - Affects all previous versions of Joomla! and Mambo 4.5.2.3
  • Hardened SEF against XSS injection
    - Affects all previous versions of Joomla! and Mambo 4.5.2.3

Low Level Threats

  • Potential SQL injection in Polls modules through the Itemid variable
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Potential SQL injection in several methods in mosDBTable class
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Potential misuse of Media component file management functions
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series

Upgrade Instructions

Conversion Instructions

Migration instructions

Joomla 1.0.4 Full package

Thank you to the community for their continued assistance in helping us make Joomla 1.0.x more stable.



Rey Gigataras

Stability Team Leader

 
