Joomla has released security updates 5.2.3 and 4.4.10, fixing XSS vulnerabilities, ACL violations, and other bugs. The update also improves TinyMCE, mail, and image handling. Download the update and keep your site secure!
The Joomla project has released updates 5.2.3 and 4.4.10 aimed at fixing bugs and improving security in Joomla versions 5.x and 4.x.
Security Fixes
- XSS vulnerabilities in modules.
- XSS vulnerability in the id attribute of menu lists.
- ACL rule violations in some views.
Changes and Improvements
- Fixed a bug in the TinyMCE plugin joomlaExtButtons.
- Corrected email validation with apostrophes.
- Resolved issues with empty images and links in the
articles_newsandarticles_categorymodules. - Fixed incorrect display of buttons and links on the frontend.
- Added support for multi-selection for checkboxes.
- Improved error handling during extension updates.
- Fixed a JavaScript error when working with multilingual associations.
- Updated contrast in dark mode.
- Updated Composer to remove deprecated PHP functions.
What About Joomla 4?
The security fixes are also relevant for Joomla 4.4.10.