Skip to main content

Joomla! 3.2.3 released - security update.

| Andrzej Herzberg | News

Something new for everyone – with this motto the Joomla! Project and the Production Leadership Team introduce the security release of Joomla! 3.2.3.

 

Joomla! 3.2.3 version includes over 40 bugs fixed counting 4 security issues.joomla-security-release

Few important details of the tracker items fixed:

  • Register a user with the same alias (contact creator plugin enabled)
  • JHtml::_('bootstrap.tooltip') doesn't accept 'container' parameter as string
  • Check if $module is an object in JModuleHelper::renderModule()
  • Use JDatabaseQuery
  • Update to jQuery 1.11.0
  • Update TinyMCE to 4.0.18
  • check all notes

Security issues fixed:

  • High Priority
    Inadequate escaping leads to SQL injection vulnerability.
  • Medium Priority
    Inadequate escaping leads to XSS vulnerability in com_contact.
    Inadequate escaping leads to XSS vulnerability.
    Inadequate checking allowed unauthorised logins via GMail authentication.

If you are currently running Joomla! 3.2, you should apply this update immediately. For other versions from 3.x series developers recommend to update as soon as possible.

To support efforts of Joomla! Project, you can contribute e.g. as Joomla! Bug Squad member. 30 people from that squad worked together to bring you 3.2.3 version!

Downloads & Instructions