Joomla! recently released version 3.8.12 which includes patches addressing three security vulnerabilities and several bug fixes.  This is a security release that impacts all versions of the 3.x series of Joomla! applications and users are encouraged to update as soon as possible to avoid potential compromise.

Among the security updates are three low priority vulnerabilities:

  • A cross-site scripting (XSS) vulnerability in the frontend profile.
  • Improper validation leading to an ACL violation on disabled fields that could allow unauthorized access to files.
  • Improper checks on the InputFilter class that could allow malicious files to be uploaded to the site.

In addition to the security issues that were addressed, several bug fixes and improvements were included with this release including:

  • A fix for mod_articles_latest and mod_articles_news that shows “Featured Articles”
  • A fix to display tags in com_content when all other info is hidden
  • A fix in com_tags to make All Tags the default display

A full list of the bug fixes and added features is available on Joomla!’s github. Sites protected by SiteLock SMART PLUS will have these security patches applied automatically the next time scans of the website are run. However, in order to take advantage of the bug fixes and added features, site owners will need to update their Joomla! Version.

If you’re ready to secure your Joomla! site with daily malware scans and Joomla! core security patches, contact us today and ask about SMART PLUS. We are available 24/7 at 855.378.6200.