Joomla! 3.8.8 Security Release announced
Joomla! 3.8.8 is a Security Release which addresses NINE security vulnerabilities.
Joomla 3.8.8 includes over 50 bug fixes and improvements.
More details at the following link.
- Core - Information Disclosure about unpublished tags (affecting Joomla 3.1.0 through 3.8.7).
- Core - XSS Vulnerabilities & additional hardening (affecting Joomla 3.0.0 through 3.8.7).
- Core - ACL violation in access levels (affecting Joomla 2.5.0 through 3.8.7).
- Core - Add phar files to the upload blacklist (affecting Joomla 2.5.0 through 3.8.7).
- Core - Installer leaks plain text password to local user (affecting Joomla 3.0.0 through 3.8.7).
- Core - Filter field in com_fields allows remote code execution (affecting Joomla 3.7.0 through 3.8.7).
- Core - Session deletion race condition (affecting Joomla 3.0.0 through 3.8.7).
- Core - Possible XSS attack in the redirect method (affecting Joomla 3.2.1 through 3.8.7).
- Core - XSS vulnerability in the media manager (affecting Joomla 1.5.0 through 3.8.7).
The Joomla! Project recommend that you check and change the following Global Configuration settings:
Text Filters > Administrator,
Users > Send email,
Media > Legal Extensions & Legal MIME Types,
Articles > Show Email.
See link below for what changes to make.
The recommended changes will be the default settings in any NEW 'out of the box' Joomla! CMS installation from Joomla! 3.8.8 onwards.
Visit the link below if you would like to change your website's Global Configuration settings in double quick time.
Back up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.
WYNCHCO Joomla! CMS Support
We coach, help and support managers with responsibility for Joomla! websites in organisations across Cheshire, Manchester, Merseyside, North West England & the UK.