Joomla 5.1.3 - Security Release
On Tuesday 20 August 2024, Joomla 5.1.3 was released. This version contains important security updates and bug fixes. The security update may affect 3rd party plugins, which should therefore be checked. Note: With this update, an issue has been introduced with pagination in Smart Search and Archived Articles.
Solved security issues
Several XSS (Cross-Site Scripting) flaws were discovered in Joomla and are fixed in this security release. XSS is a security flaw that lets an attacker insert malicious scripts into content. If those scripts are executed on the website, attackers can steal sensitive information, take over user accounts or perform other malicious actions. These XSS flaws can only be exploited by attackers who have write access to the website. As an additional layer of security, you can use Joomla's default HTTP Headers plugin, which defuses any malicious scripts.
Furthermore, the update fixes a 'Cache Poisoning in Pagination' issue. Cache poisoning is an attack in which a malicious person manipulates information stored in a cache (a temporary storage area). Joomla's pagination, the navigation at the bottom of a page that leads to the next page, could be manipulated. After this update, only predefined parameters can be used. This could cause problems with 3rd-party plugins, which also need to fix the potential issue in their own code.
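For extension developers checking their own pagination code, the sketch below contrasts a link builder that copies every request parameter into the page links with one that keeps only predefined parameters. Once a rendered page is cached, its links are served to every visitor, so anything copied from the request ends up in the cache. This is an added example, not Joomla core code; the function names and the sample request are assumptions made for illustration.

```php
<?php
// Added illustration, not Joomla core code. Function names are hypothetical.

/** Before: every request parameter is copied into the pagination link. */
function pageLinkReflectAll(array $query, int $start): string
{
    $query['limitstart'] = $start;
    return 'index.php?' . http_build_query($query);
}

/** After: only parameters the component registered in advance are carried over. */
function pageLinkAllowlisted(array $query, int $start, array $allowed): string
{
    // Keep only keys that appear in the predefined list.
    $kept = array_intersect_key($query, array_flip($allowed));
    // Drop non-scalar values (e.g. id[]=...) so nested input cannot pass through.
    $kept = array_filter($kept, 'is_scalar');
    $kept['limitstart'] = $start;
    // Stable key order, so equivalent requests render identical links.
    ksort($kept);
    return 'index.php?' . http_build_query($kept);
}

// Constructed sample request: 'unlisted' is not a parameter the component uses.
$request = [
    'option'   => 'com_content',
    'view'     => 'category',
    'id'       => '8',
    'unlisted' => 'value-chosen-by-the-requester',
];
$allowed = ['option', 'view', 'id'];

// The first link carries 'unlisted' into the rendered (and cacheable) page.
echo pageLinkReflectAll($request, 20), PHP_EOL;
// The second link contains only the predefined parameters plus the page offset.
echo pageLinkAllowlisted($request, 20, $allowed), PHP_EOL;
```

An extension whose pagination relied on extra request parameters being passed through automatically is the kind that may stop working after the update and needs those parameters declared explicitly.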
NB: This update introduced a new issue with pagination in Smart Search and Archived Articles.
A new patch is likely to follow soon.
Solved issues:
- [20240805] - Core - XSS vectors in Outputfilter::strip* methods
- [20240804] - Core - Improper ACL for backend profile view
- [20240803] - Core - XSS in HTML Mail Templates
- [20240802] - Core - Cache Poisoning in Pagination
- [20240801] - Core - Inadequate validation of internal URLs
Fixed bugs
A detailed overview of the resolved bugs is available on Joomla's official GitHub repository: https://github.com/joomla/joomla-cms/milestone/130?closed=1
If you are not currently using Joomla 5.1.x, it is recommended that you upgrade to that version to take advantage of the functionality available in Joomla 5.1.x.
Are you looking for support updating or migrating to Joomla 5.1.3? Please contact us.