Joomla 3.8.13
10 October 2018
Joomla version 3.8.13 is now available (security release).
Upgrading to Joomla 3.8.13
Joomla 3.8.13 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.8.13 upgrade prior to applying it live. Get started managing your Joomla installations with Installatron
What's New in Joomla 3.8.13
Security
- Low Priority - Core - Hardening com_contact contact form (affecting Joomla 2.5.0 through 3.8.12) - Inadequate checks in com_contact could allowed mail submission in disabled forms.
- Low Priority - Core - Inadequate default access level for com_joomlaupdate (affecting Joomla 2.5.4 through 3.8.12) - Joomla's com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution.
- Low Priority - Core - Access level Violation in com_tags (affecting Joomla 3.1.0 through 3.8.12) - Inadequate checks on the tags search fields can lead to an access level violation.
- Low Priority - Core - ACL Violation in com_users for the admin verification (affecting Joomla 1.5.0 through 3.8.12) - In case that an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself.
- Low Priority - Core - CSRF hardening in com_installer (affecting Joomla 2.5.0 through 3.8.12) - Added additional CSRF hardening in com_installer actions in the backend.