Skip to main content
Blog

Joomla 4.4.6 - Security Release

On Tuesday 9 July 2024, Joomla 4.4.6 was released. This is a security and bugfix release that fixes some security issues and bugs found since the previous version. The aim is to improve the security, stability and reliability of the Joomla platform.

Fixed security issues

Some XSS (Cross-Site Scripting) security flaws have been discovered in Joomla, which are fixed with this security release. XSS is a security flaw where an attacker can insert malicious scripts into content. If those scripts are executed on the website, attackers can steal sensitive information, take over user accounts or perform other malicious actions. This XSS security flaw can only be exploited by attackers if they have write access to the website. For added security, you can use Joomla's default HTTP Headers plugin that will defuse any malicious scripts.

Fixed issues:

  • [20240701] - Core - XSS in accessible media selection field
  • [20240702] - Core - Self-XSS in fancyselect list field layout
  • [20240703] - Core - XSS in StringHelper::truncate method
  • [20240704] - Core - XSS in Wrapper extensions
  • [20240705] - Core - XSS in com_fields default field value

Fixed bugs

A detailed overview of the resolved bugs is available on Joomla's official GitHub repository:https://github.com/joomla/joomla-cms/milestone/128?closed=1

Joomla 4.4.6 does not introduce any new features. It only ensures good preparation for future upgrades from Joomla 4.x to Joomla 5.x. This release contains critical updates that ensure users can upgrade to the latest versions of the CMS without any hassle.

If you are currently using Joomla 4.x, it is highly recommended to upgrade to Joomla 4.4.6 for the improved upgrade capabilities.
Are you looking for support updating or migrating to Joomla 4.4.6? Please contact us.

Nijmegen Office

db8 Website Support
Galiciestraat 35
6663 NR Lent
The Netherlands

+31 85 301 48 28
support at db8 dot nl
+31 6 44 214 500 (urgent)

Opening hours

By appointment
Monday to Friday
09:00 - 17:00 (5pm)
(Time zone: Central European Time)

Acquisition is
not appreciated

© db8.nl. All rights reserved.