The Joomla! team has been hard at work today releasing version 3.8.4, which contains multiple security updates and bug fixes. Specifically, four major security vulnerabilities were found in Joomla! core files. These vulnerabilities impact all Joomla! versions from 1.5 to 3.7. Three of the four vulnerabilities identified were cross site scripting (XSS) vulnerabilities found in modules and components within the core application. These vulnerabilities could potentially allow attackers to inject malicious code into otherwise legitimate website files. The fourth vulnerability, a SQL injection (SQLi) vulnerability, was identified in the post-install message and could have allowed attackers to inject malicious code into the Joomla! MySQL database.
It is important that Joomla! site owners update their applications as soon as possible to avoid being vulnerable to attack, and to take advantage of the full list of features and bug fixes in the latest version. Bug fixes include PHP 7.2 compatibility fixes and increased Smart Search performance. For a full list, check out the Joomla! GitHub. The latest version of Joomla! can be downloaded on their website or existing sites can be updates through the Joomla! dashboard.
SiteLock SMART PLUS customers are already protected. The Joomla! application will be patched the next time your daily SMART scan is run! If your hosting provider uses the patching technology of Patchman, your Joomla! sites will also be patched automatically. This will give you time to plan and execute a full version upgrade in order to take advantage of the all features and bug fixes in version 3.8.4.
If you’d like your Joomla! application to be automatically patched during the next update, call SiteLock and ask about SMART PLUS. We are available 24/7 at 855.378.6200.