Joomla 4.4.6 - Security Release
On Tuesday 9 July 2024, Joomla 4.4.6 was released. This is a security and bugfix release that fixes some security issues and bugs found since the previous version. The aim is to improve the security, stability and reliability of the Joomla platform.
Fixed security issues
Some XSS (Cross-Site Scripting) security flaws have been discovered in Joomla, which are fixed with this security release. XSS is a security flaw where an attacker can insert malicious scripts into content. If those scripts are executed on the website, attackers can steal sensitive information, take over user accounts or perform other malicious actions. This XSS security flaw can only be exploited by attackers if they have write access to the website. For added security, you can use Joomla's default HTTP Headers plugin that will defuse any malicious scripts.
Fixed issues:
- [20240701] - Core - XSS in accessible media selection field
- [20240702] - Core - Self-XSS in fancyselect list field layout
- [20240703] - Core - XSS in StringHelper::truncate method
- [20240704] - Core - XSS in Wrapper extensions
- [20240705] - Core - XSS in com_fields default field value
Fixed bugs
A detailed overview of the resolved bugs is available on Joomla's official GitHub repository:https://github.com/joomla/joomla-cms/milestone/128?closed=1
Joomla 4.4.6 does not introduce any new features. It only ensures good preparation for future upgrades from Joomla 4.x to Joomla 5.x. This release contains critical updates that ensure users can upgrade to the latest versions of the CMS without any hassle.
If you are currently using Joomla 4.x, it is highly recommended to upgrade to Joomla 4.4.6 for the improved upgrade capabilities.
Are you looking for support updating or migrating to Joomla 4.4.6? Please contact us.