Joomla 5.1.3
20 August 2024
Joomla version 5.1.3 is now available (security release).
Upgrading to Joomla 5.1.3
Joomla 5.1.3 can be installed, or an existing site upgraded to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply Joomla updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install and test the 5.1.3 upgrade before applying it live.
What's New in Joomla 5.1.3
Security
- [20240805] - Core - XSS vectors in Outputfilter::strip* methods - The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
- [20240804] - Core - Improper ACL for backend profile view - Improper access controls allow backend users to overwrite their username when disallowed.
- [20240803] - Core - XSS in HTML Mail Templates - The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
- [20240802] - Core - Cache Poisoning in Pagination - The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
- [20240801] - Core - Inadequate validation of internal URLs - Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
Bug Fixes and Changes
- Update TinyMCE to version 6.8.4 (#43808)
- Fix attachment handling in Mail class (#43828)
- Delete Schema.org data after deleting an item (#43839)
- Remove testing channel from CLI (#43764)
- Fix frontend language multilingual without compatibility plugin (#43791)
- Remove unneeded variables (#43763)
- ModalSelect: Fix missing token (#43745)
- Fix secure flag for session cookies (#43882)
- Fix encoding in popup links (#43874)
- Fix header translation for modal select fields (#43878)
- Fix JavaScript error for radio buttons in sublayout (#43804)
- Fix relative URLs in private messages (#43897)