Core and Security Updates Applied to Company Client Websites

The core code and security updates in this release are as follows:

Security Issues Fixed

  • Low Priority - Core - ACL violation in access levels
  • Low Priority - Core - Add phar files to the upload blacklist
  • Moderate Priority - Core - Information Disclosure about unpublished tags
  • Low Priority - Core - Installer leaks plain text password to local user
  • Moderate Priority - Core - XSS Vulnerabilities & additional hardening
  • Low Priority - Core - Filter field in com_fields allows remote code execution
  • Low Priority - Core - Session deletion race condition 
  • Low Priority - Core - Possible XSS attack in the redirect method 
  • Low Priority - Core - XSS vulnerability in the media manager 

Bug fixes and Improvements

  • Miscellaneous accessibility improvements for the Backend
  • Updated CodeMirror to 5.37 and various improvements 
  • Improved handling of numeric user group names 
  • [com_content] Filter by no author 
  • Added support for PHP 7.3’s is_countable function 
  • Sending passwords by email disabled by default for new installs 

Please review your website.