Joomla! recently released version 3.8.8 which included nine security updates addressing various vulnerabilities as well as over 50 other bug fixes. Many of the security vulnerabilities impacted all versions of Joomla! from version 2.5.0 through 3.8.7, making application updates important to protecting sites using the open source platform.
Among the vulnerabilities are three cross-site scripting (XSS vulnerabilities) that impact different parts of the core Joomla! Application. In addition to the low and moderate XSS vulnerabilities, there are six other low priority security issues addressed in the new version. These include addressing possibly vulnerable access to website data and field filtering for Joomla! components.
Websites protected by SiteLock INFINITY with patching enabled have already been patched for these security vulnerabilities, allowing site owners to plan full version updates and take advantage of all bug fixes and features in version 3.8.8. Users who’s sites are protected by INFINITY that do not have patching enabled can enable this within their SiteLock Dashboard at any time, they will then be secured on their next website scan.
While patching secures the vulnerabilities, Joomla! users must update their applications to the new version in order to have access to all bug fixes and features of the new version. Among these bug fixes are:
- Various improvements for the Joomla! Backend
- Improved PHP 7.3 support
- Sending passwords by email is now disabled by default on new installations
For more information on how to secure your Joomla! site with continuous malware scanning and core CMS security patching, contact SiteLock today and ask about INFINITY. We are available 24/7 at 855.378.6200.