1 April 2022
Joomla version 3.10.8 is now available (security release).
Upgrading to Joomla 3.10.8
Joomla 3.10.8 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.10.8 upgrade prior to applying it live.
What's New in Joomla 3.10.8
- Revert security fix 20220303 due to implementation issues.
- This release was initially withheld from distribution because it didn't pass Installatron's testing standards which all new releases are tested against.
- Joomla 3.10.8 has subsequently been released and passes Installatron's testing standards.
- Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Extracting a specifically crafted tar package could write files outside of the intended path.
- Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Uploading a file with a name of excessive length causes an error. The resulting error screen shows the path of the web application's source code.
- Low Severity - High Impact - User rows are not bound to an authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) - A user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover.
- Low Severity - Moderate Impact - Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) - Lack of input validation could allow an XSS attack using com_fields.
- Low Severity - High Impact - Inadequate filtering on the selected IDs (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Inadequate filtering on the selected IDs in a request could result in a possible SQL injection.
- Low Severity - Low Impact - Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) - Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
Bug fixes and Improvements
- Backport jQuery UI security patch for CVE-2021-41184
- Disable Google Fonts setting for 3.10.7+ new installations
- [Regression] Fix updating redirect values unintentionally changed
- Remove FLoC setting as it has been abandoned
- E-Mail Cloak: TLDs as long as 10 will no longer be truncated until
- Privacy Consent wording I agree vs I do not agree