#JUGL meetings are held on the 3rd Tuesday of each month

NEXT MEETING:

Official Joomla! Announcements

JS Font Awesome Migrate

JS Font Awesome Migrate plugin allows you to migrate Font Awesome 4 to 5 without the need of manually editing the templates or extensions code. Font Awesome 5 breaks backwards compatibility with Font Awesome 4 by changing both the prefixes and also the names of certain icon classes. A lot of templates and extensions are still using the outdated Font Awesome 4, therefore, users who want to use the newest icons are facing the compatibility issues.

Features:
- Loads the latest Font Awesome 5 library on your website
- Converts FA 4 icons to FA5
- Possibility to manually add new or missing icons

Read more

[20181005] - Core - CSRF hardening in com_installer

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0 through 3.8.12
  • Exploit type: CSRF
  • Reported Date: 2018-September-26
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17858

Description

Added additional CSRF hardening in com_installer actions in the backend.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Raviraj A. Powar

Read more

[20181004] - Core - ACL Violation in com_users for the admin verification

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 1.5.0 through 3.8.12
  • Exploit type: ACL Violation
  • Reported Date: 2017-December-27
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17855

Description

In case that an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Paul Freeman

Read more

[20181003] - Core - Access level Violation in com_tags

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.1.0 through 3.8.12
  • Exploit type: ACL Violation
  • Reported Date: 2018-June-20
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17857

Description

Inadequate checks on the tags search fields can lead to an access level violation.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Андрей Капитанов

Read more

Page 55 of 55

Launch a Full version of Joomla! for FREE (including hosting) Find out More