The core code and security changes in this update are as follows:
Security Issues Fixed
- Low Priority - Core - ACL violation in access levels
- Low Priority - Core - Add phar files to the upload blacklist
- Moderate Priority - Core - Information Disclosure about unpublished tags
- Low Priority - Core - Installer leaks plain text password to local user
- Moderate Priority - Core - XSS Vulnerabilities & additional hardening
- Low Priority - Core - Filter field in com_fields allows remote code execution
- Low Priority - Core - Session deletion race condition
- Low Priority - Core - Possible XSS attack in the redirect method
- Low Priority - Core - XSS vulnerability in the media manager
Bug fixes and Improvements
- Miscellaneous accessibility improvements for the Backend
- Updated CodeMirror to 5.37 and various improvements
- Improved handling of numeric user group names
- [com_content] Filter by no author
- Added support for PHP 7.3’s is_countable function
- Sending passwords by email disabled by default for new installs