4.2.7 (version de sécurité)
1 Février - 100MBSecurity
- [20230101] - Core - CSRF within post-installation messages
- [20230102] - Core - Missing ACL checks for com_actionlogs
Bug fixes and Improvements
- TinyMCE had a lot of fixes for default language, iframe display, showing buttons
- Logos (even on login page) should display correctly
- Breadcrumbs for menu items with tagged items are fixed
- Modals should open and close correctly
- Permissions for mod_submenu are fixed
- Start and end feature for articles and categories received fixes
- Fix for the child templates html directory
- More rel attributes for URL menu type
- Fix batch categories move error
- A lot of PHP 8.2 compatibility fixes
Lire la suite:
https://www.joomla.org/announcements/release-news/5876-joomla-4-2-7-security-and-bug-fix-release.html
4.2.6
13 Décembre 2022 - 100MBBug fixes and Improvements
- Fix upgrade fatal error with repeatable fields
- Fix Content - Email Cloaking removes CSS from Link
- Fix logout redirect error on multilingual site
- Verify that the alias is unique before batch move
- Add PHP 8.2 to PHP version check plugin
- Fix: subform fields do not display in user profile
Lire la suite:
https://www.joomla.org/announcements/release-news/5875-joomla-4-2-6-bug-fix-release.html
4.2.4 (version de sécurité)
25 Octobre 2022 - 100MBSecurity
- [20221001] Low Severity - Critical Impact - Disclosure of critical information in debug mode - Joomla 4 sites with publicly enabled debug mode exposed data of previous requests.
- [20221002] Low Severity - Low Impact - RXSS through reflection of user input in headings - Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
Lire la suite:
https://www.joomla.org/announcements/release-news/5870-joomla-4-2-4-security-release.html
Afficher plus de versions
4.2.3
29 Septembre 2022 - 100MBBug Fixes and Improvements
- Contact form captcha
- Remove overrides when a template is uninstalled
- Missing changelog when discovering a plugin/module/template
- Batch copy fields
- Fix position name in component dashboard
- [Smart Search] Moved statistics in the toolbar
- Keep user.css last in order
- Change bulk unarchive action for redirect links to unpublish
- Use the right mime type in the media field
Lire la suite:
https://www.joomla.org/announcements/release-news/5869-joomla-4-2-3-bug-fix-release.html
4.2.1 (version de sécurité)
31 Août 2022 - 100MBSecurity
- [20220801] Low Severity - Low Impact - Multiple Full Path Disclosures because of missing '_JEXEC or die check' (affecting Joomla! 4.2.0) More Information
Bug Fixes and Improvements
- Failure in setting Redis cache
- Change the db calls back to the getDbo
- Error when Gather Statistic enabled in Smart Search
- Fixed menu login with redirect to menu item on multi-language site
- Add bcmath_compat polyfill for servers without BCmath / GMP support
- Remove unused imports in Multi-factor Authentication
- Fix issue "updateCheck is null"
- Remove hotkeys.js as they have been renamed
- Stats collection must not be shown in captive MFA pages
- CLI application crashed when MVCFactory is used
- Correctly revert pull request no. 38244 for updating from 4.2.0 RC 1
Lire la suite:
https://www.joomla.org/announcements/release-news/5866-joomla-4-2-1-release.html
4.2.0 (version majeure)
22 Août 2022 - 100MBNew Features
- Keyboard Shortcuts for Accessibility
- Multi-Factor Authentication (replaces Two-Factor Authentication)
- Windows Hello support in WebAuthn
- User-defined hide table columns
- Allow typing in the media field
- Indicate if the category is not published
- Allow to disable session metadata tracking for guest users
- Reduce the number of permission columns
- Smart Search: Allow fuzzy word matching
- Package filter in the Extensions: Manage page
Bug Fixes and Changes
- Accessibility plugin - update and fixes
- Joomla Updater improvements
- Improved the extension installer to be more robust
- Added permissions (ACL) to Media Manager actions
- Added Save button to front-end article editing to save and stay in the article
- Added ordering parameters to web service requests
- Upload button only available once the user clicked the checkbox that they are prepared
- Enabled use of Form::process() in FormModel
- Convert log type field to fancy select
- Enqueue requests made from QuickIcon plugins
- Made Media Manager Folder Selectory accessible
- Workflow Notification no recipient
Lire la suite:
https://www.joomla.org/announcements/release-news/5865-joomla-4-2-release.html
4.1.4
25 Mai 2022 - 100MB- Fix nested items re-ordering (#37781)
- Add scheduler sort by last run (#37501)
- Fix toggle chevron in module menu assignment(#37734)
- Set 'secure' flag in session cookies if TLS in enforced (#37777)
- Show workflow stage names in article list view (#37748)
- Fix save2copy for menus (#37813)
- Update to NODE version 16 (#37757)
Lire la suite:
https://www.joomla.org/announcements/release-news/5860-joomla-4-1-4.html
4.1.2 (version de sécurité)
1 Avril 2022 - 100MB4.1.2
Bug fixes
- Revert security fix 20220303 due to implementation issues.
4.1.1
Installatron
- This release was initially withheld from distribution because it didn't pass Installatron's testing standards which all new releases are tested against.
- Joomla 4.1.2 has subsequently been released and passes Installatron's testing standards.
Security
- [20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Extracting an specifilcy crafted tar package could write files outside of the intended path.
- [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
- [20220303] Low Severity - High Impact - User row are not bound to a authentication mechanism (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) - A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
- [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) - Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
- [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) - Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
- [20220307] Low Severity - Moderate Impact - Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) - Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
- [20220308] Low Severity - Moderate Impact - Inadequate content filtering within the filter code (affecting Joomla! 4.0.0 through 4.1.0) - Inadequate content filtering leads to XSS vulnerabilities in various components.
- [20220309] Low Severity - Moderate Impact - XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) - Possible XSS attack vector through SVG embedding in com_media.
Bug fixes and Improvements
- Fix language strings behaviour in TinyMCE
- Fix switch for syntax highlighting in TinyMCE
- Show failed tasks in scheduler
- Correct usage of Jooa11y parameters
- Codemirror enhancements
- Several 8.x PHP fixes
Lire la suite:
https://www.joomla.org/announcements/release-news/5858-joomla-4-1-2-and-3-10-8-release.html
4.1.0 (version majeure)
16 Février 2022 - 100MBThis release sets new standards in accessible web design and brings exciting new features, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.
Improvements
- Tasks Scheduler: Do you have tasks you do time and time again? Or tasks for the future which you must not forget to do? Now you can automate them with the new Task Scheduler. The new Task Scheduler comes in addition to the existing Workflows Manager and Web Services introduced in Joomla 4.0. This unique combination adds a tremendous potential to Joomla as a Web applications and automation framework.
- Child Templates: With child templates, you can create different instances of a template with one click, changing only the lines of code you need to, it is simple and effective. In the past, personalizing template parts for specific pages involved several technical steps, which are now integrated. At its most basic level, it only contains a single file, templateDetails.xml, as everything else is inherited from the parent. There is no limit on the number of child templates that you can create so each one could have different layouts and styles.
- Accessibility Checker: Jooa11y - The Joomla accessibility and quality assurance tool. Every visitor unable to view your page is potentially a lost customer. Joomla 4's main focus is accessibility, and now we enable authors to create great accessible content with Jooa11y: It visually highlights common accessibility and usability issues. Jooa11y highlights content issues and is integrated into the content authoring experience.
- Syntax Highlighting in the integrated editor: Sometimes the “What you see is what you get” (WYSIWYG) is not enough and you have to switch to the HTML code view. Now with Joomla! 4.1 all the code is syntax highlighted in the built-in TinyMCE editor. This will make it so much easier to read all of your HTML tags and CSS classes. Markup is clearly displayed. Additionally, you can search and replace directly in the HTML code view.
- Inline Help: After we cleaned up a lot of redundant descriptions In Joomla 4.0 we now implement the ability to toggle on/off detailed inline help when needed. You can decide if you need support and toggle the extra help on and off. When you are comfortable with how a particular area works, you can turn inline help off and get that minimalist look back.
Lire la suite:
https://www.joomla.org/announcements/release-news/5855-joomla-4-1-0-stable-new-standards-in-accessible-website-design.html
4.0.5
15 Décembre 2021 - 100MBBug fixes and Improvements
- PHP 8.1 compatibility patches. Please note if you show "all errors" there could be deprecation notices on some pages.
- RTL Styling Simplifications
- Tinymce plugin configuration styling improvements
- Fix Joomla Page Cache when System Page Cache plugin is enabled
- Ensure the namespace mapper is regenerated on Joomla update (for future extensions being added in Joomla 4.1 alpha’s)
- Fix SQL Error edge case in the template override update view
Lire la suite:
https://www.joomla.org/announcements/release-news/5851-joomla-4-0-5-and-joomla-3-10-4-are-here.html
4.0.3 (version majeure)
1 Octobre 2021 - 100MBJoomla 4.x is a major version. Everything has been redesigned, rethought, and has new features.
Joomla 4.x requires manual migration from Joomla 3.10 and earlier. For migration information please reference https://docs.joomla.org/Planning_for_Mini-Migration_-_Joomla_3.10.x_to_4.x. At the bottom of that page, you can then proceed to the step by step instructions for migration from 3.10 to 4.x.
Joomla 3.10 will continue to be supported for 2 more years.
Lire la suite:
https://www.joomla.org/announcements/release-news/5848-joomla-4-0-3-and-joomla-3-10-2-are-here.html