1 April 2022
Joomla version 4.1.2 is now available (security release).
Upgrading to Joomla 4.1.2
Joomla 4.1.2 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 4.1.2 upgrade prior to applying it live.
What's New in Joomla 4.1.2
- Revert security fix 20220303 due to implementation issues.
- This release was initially withheld from distribution because it didn't pass Installatron's testing standards which all new releases are tested against.
- Joomla 4.1.2 has subsequently been released and passes Installatron's testing standards.
- Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Extracting a specifically crafted tar package could write files outside of the intended path.
- Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Uploading a file with a name of excessive length causes an error. The error screen shows the path of the web application's source code.
- Low Severity - High Impact - User rows are not bound to an authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) - A user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover.
- Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Inadequate filtering on the selected Ids in a request could result in a possible SQL injection.
- Low Severity - Low Impact - Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) - Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
- Low Severity - Moderate Impact - Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) - Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
- Low Severity - Moderate Impact - Inadequate content filtering within the filter code (affecting Joomla! 4.0.0 through 4.1.0) - Inadequate content filtering leads to XSS vulnerabilities in various components.
- Low Severity - Moderate Impact - XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) - Possible XSS attack vector through SVG embedding in com_media.
Bug fixes and Improvements
- Fix language strings behaviour in TinyMCE
- Fix switch for syntax highlighting in TinyMCE
- Show failed tasks in scheduler
- Correct usage of Jooa11y parameters
- Codemirror enhancements
- Several 8.x PHP fixes