Skip to main content
Blog
Joomla 5.2.4 security en bugfix release
Subscribe to our newsletter!

Joomla 5.2.4 security en bugfix release

On Tuesday, February 18, 2025, Joomla 5.2.4 was released. This is a security and bugfix release that addresses a security issue in Joomla 5.x.

Fixed security issues

Three security issues are fixed with this security update:

  • [20250201] - Core - SQL injection vulnerability in Scheduled Tasks component
    Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.

Fixed bugs

This 5.2.4 update fixes some bugs:

  • Fix namespace map creation on PHP 8.4 (#44789)
  • Fix PHP Warning for debuguser, debuggroup (#44721)
  • Fix handling of null values on update row (#39607)
  • Fix cache counting issue - correctly count number of files (#43986)
  • Fix permissions for manually running scheduled tasks (#36719)
  • Tag Router: Allow numeric/CSV IDs (Regression) (#44784)
  • Fix for Composer update to enshrined/svg-sanitize to resolve SVG upload issues (#44746)
  • Fix for Article cannot be saved successfully on the front-end (#44680)
  • Fix media downloads with spaces (Follow-up of #37396) (#44745)
  • Finder Router: Filter out unnecessary query elements (#44055)
  • Jooa11y plugin and page cache conflicts (#41956)
  • Fix a11y issue in accordion (role attribute) (#40578)
  • Remove alt-text for menu items when both image and title are set (a11y fix) (#40675)
  • Fix breadcrumbs color in light and dark mode (#44212)
  • Email alt text fix in contact component (#44491)
  • Web Asset Manager: Incorrect loading of external resource with / at the end (#44774)
  • Fix media downloads with spaces (Follow-up of #37396) (#44745)
  • Fix multi-select behavior in Media Manager (Follow-up of #39824) (#44747)
  • Fix error handling when creating folders in Media Manager (#39878)
  • Fix assets for com_scheduler on new installations (#44684)
  • Fix password reset broken in backend (#44723)
  • Email cloak plugin fails for emails with IDN (Internationalized Domain Names) (#39888)
  • Fix handling of root path removal only when it is at the beginning (#36685)
  • Load the namespace from the cached manifest (Reverted) (#44755)
  • Fix for Codemirror duplicated assets entries (#44674)

A detailed list of the fixed bugs is available on Joomla's official github repository: https://github.com/joomla/joomla-cms/milestone/136?closed=1

Do you need support with updating or migrating to Joomla 5.2? Then contact us.

Other articles

New website,
website optimisation,
website support or
training needed?

Nijmegen Office

db8 Website Support
Galiciestraat 35
6663 NR Lent
The Netherlands

+31 85 301 48 28
support at db8 dot nl
+31 6 44 214 500 (urgent)

Opening hours

By appointment
Monday to Friday
09:00 - 17:00 (5pm)
(Time zone: Central European Time)

Acquisition is
not appreciated

© db8.nl. All rights reserved.