Joomla 5.1.2 and Joomla 4.4.6 Security Releases Released
The Joomla development team has released the latest releases of the Joomla 5.1.2 and 4.4.6 branches. The releases include fixes for vulnerabilities and bug fixes for issues found since previous versions.
So, let's explore what's new in these versions.
Security Fixes
[20240701] – Core – XSS in media field with available choice
[20240702] – Core – Self-XSS in fancyselect field list layout
[20240703] – Core – XSS in StringHelper::truncate method
[20240704] – Core – XSS in Wrapper extensions
[20240705] – Core – XSS in default value of field com_fields default
Bug fixes and improvements in version 5.1.2
[5.1] Added channel reset for Joomla Update Component (#43717)
[5.1] Loading Schema.org only in correct forms (#42825)
[5.1] Using created_by 0 if created_by is empty (#43752)
[5.1] PDF embedding is now allowed again (#43716)
[5.1] Changing URL redirection (from headers) [‘Location’]) from array to string (#43734)
[5.1] Fixed radio and checkboxes in the nested field of the subform (#43660)
[5.1] Added onchange option to modal-select form field (#43618)
[5.1] Resetting cache layout data while setting a form field FormField() (#43562)
The full list of changes can be found view on Github.
What's inside version 4.4.6?
Full list of changes Available on Github.
Where to download Joomla 5.1.2?
To get started, please read installation instructions And system requirements.
New installation of Joomla 5.1.2
Update
Where to download Joomla 4.4.6?
Update
Attention! The Joomla archives are hosted in the Amazon cloud, access to which is blocked in the Russian Federation. You can get the latest versions at Github. Perhaps this article will be useful: How to solve the problem with installing the Russian language and updating Joomla.
What about Joomla 3.10?
As you know, the Joomla 3.10 branch completed its life cycle in August 2023 and is no longer officially supported. However, it happens that for some reason projects have not yet been migrated to the current versions of Joomla and continue to spin on the Joomla 3 architecture.
Ethuziast's efforts collect unofficial security patches for Joomla 3, which include patches for vulnerabilities that were closed in current versions of Joomla and also apply to outdated branches of Joomla. Thus, you can download a plugin that will patch the core of your Joomla 3.10.
Just the next patch 1.0.5 is availablewhich includes fresh vulnerability fixes. Enjoy. And still transfer the site to Joomla 4/5.
In conclusion
Like any software, the content management system is being improved. The distinctive feature of the Joomla project is prompt response to closing identified vulnerabilities in the system core. Also, by default, a plugin is enabled that notifies about the release of new versions of Joomla by sending a notification to the super administrator's e-mail with regular repetition of sending until the system is updated. If the site is not abandoned by the owner, then the Joomla infrastructure is maximally aimed at notifying about the release of new versions and then the webmaster needs to update the core.
