Joomla 4.4.3 - Security + Bugfix Release
On Tuesday 20 February 2024, Joomla 4.4.3 was released. This release is a security update and also fixes some bugs found since the previous version. The goal is to improve the security, stability and reliability of the Joomla platform.
Resolving security issues
Joomla, like other professional software publishers, reports found security issues to "Common Vulnerabilities and Exposures" (CVE). This is an organisation that registers security issues. Only after the release of Joomla 4.4.3, i.e. after a patch was created for it, were the issues disclosed:
[20240201] - Core - Insufficient session expiration in MFA management views
[20240202] - Core - Open redirect in installation application
[20240203] - Core - XSS in media selection fields
[20240204] - Core - XSS in mail address outputs
[20240205] - Core - Inadequate content filtering within the filter code
Solving bugs
A detailed overview of the fixed bugs is available on Joomla's official github repository: https://github.com/joomla/joomla-cms/milestone/121?closed=1. This overview provides a transparent view of the issues that have been addressed and the corresponding fixes.
While this release does not introduce any new features, it is important to stress that it is a crucial step in preparing for future upgrades. Joomla 4.4.3 lays the foundation for a smooth transition from Joomla 4.x to Joomla 5.x. It includes essential updates that ensure users can upgrade to the latest versions of the CMS without problems.
By focusing on improving the upgrade path, Joomla users can benefit from the latest features, security improvements and bug fixes introduced in future releases of the platform.
If you are currently using Joomla 4.x, it is highly recommended that you upgrade to Joomla 4.4.3 to take advantage of the enhanced upgrade capabilities and ensure your website remains secure and up-to-date.