Imprimer

Une nouvelle version de Joomla! est disponible depuis le 10 janvier. Celle ci corrige de récentes failles de sécurité ainsi que divers bugs. Pour la télécharger, rendez vous à cette adresse.

 

Voici le changelog (anglais) : Security One low-level and one high-level security issue were fixed in this release: * High Priority: Directory Traversal. A crafted request can allow an attacker to view directory trees on the server. Note: contents of files cannot be edited or deleted, just viewed. More information » * Low Priority: SSL Session Token Disclosure. When running a site as SSL ONLY, if a non-SSL request is made, an attacker can obtain the session token. There is NO risk for Web sites that use both HTTP and HTTPS. More information » For additional information, visit the Joomla Security Center. Components * Fixed Contact Page so that a blank page is not displayed when vCard is not enabled, but is selected in the Contact Parameters (10680) * Resolved problem with Category View Table where filter did not work when cache was enabled (10840) * vCard no longer displays excess spaces (11871) * Small change in components/com_banners/models/banner.php (12577) * Resolved invalid XHTML 1.0 Transitional issues introduced in 1.5.7 for the Contact form (12868) * Fixed problem that resulted in erroneous '404 - Contact not found' page for dropdown in Contact View (12989) * Fixed Contact Category URL problems (13045) * Fulltext Search for Uncategorized and Archived Articles is now working (13490) * onPrepareContent issue for non-com_content Components resulting in a warning message has been resolved (13505) * 'Change Contact Details' link now loads correct page (13542) * Contact image not displaying in front end (13643) * Front-end article submission no longer auto-populates, finish publishing date with same date as start publishing (13673) * Media Manager Javascript error: "Object doesn't support this property or method" that presented for IE has been fixed (13761) * Space between meta keywords no longer removed when saving Articles (13794) * com_installer Module View now correctly displays Author e-mail and URL (13942) * Robots and Author meta retained when copying Articles (13949) * Article Archive pagination fixed (14070) * Correction so that unregistered site visitors can no longer access PDF for registered Articles (14196) * Hits filter in Category List fixed (14390) * Resolved problem where "Register to read more" incorrectly redirected to Front Page, rather than Article (14392) * Poll error message resolved (14394) * Resolved problem where Category List failed to retain Column Sort preference when navigating to a different page (14398) * Resolved problem in Category List where changing Display # to All in page 2 of list would display no results (12932) * Category List now correctly shows filtering option in use (14402) * Corrected 404 error that resulted when menu access was set to Public and Contact Item is Registered (14412) Modules * New modules can now be added, even when there are no modules entries already defined (11874) * Inconsistency removed for Login/Logout Redirection page of mod_login (13611) * JMenu getMenu() doc error corrected (13617) * Archive Module Count Parameter and Tool Tip corrections (13694) * STRPOS error corrected when editing Alias Menu Item (13909) * Toolbar Image now points to an existing image (14171) Plugins * OpenID upgraded to 2.0 protocol, now works with Yahoo (12217) * plgSystemCache plugin now respect site and page language (12115) * Page string in plugins/content/pagebreak.php is now properly externalized (12730) * Legacy Plugin - Login Timeout resolved (13662) * Access level for Plugins fixed (14106) * Fixed OpenID Transition issues (14433) Legacy * No issues fixed for this release Templates * RTL feeds PARAM is now saved in database which corrects RTL feeds in Milkyway and Beez (11235) * CSS and XHTML valid error in JA_Purity resolved, as was invalid CSS validator link (12887) * JA_Purity default status for Modules defined for right position now collapse correctly, when unused (12925) * Fixed CSS errors in rhuk_milkyway/css/template_rtl.css (13517) * Missing H1 text-align in rhuk_milkyway/css/template_rtl.css fixed (13570) * Beez template override for com_search now displays error messages correctly (13584) * Corrected Last Updated date for Beez Template (13632) * Resolved inconsistencies for Beez Template Override Page Titles (13634) * Contact image changes for Beez override (13700) * Incorrect File Reference corrected for Beez Template (13859) * Short PHP Notation in Beez Windows hosting bug introduced in 12798 has been fixed (14313) * en-GB.com_statistics.ini are now correctly deleted (14391) * Removed unnecessary string in JA_Purity template (14414) * Removed unnecessary strings in rhuk_Milkyway template (14415) Language * Language INI files that were incorrectly encoded using UTF-8 with BOM have been fixed (13499) * Untranslated strings in en-GB.ini after SVN 11236 are fixed (13514) * Fixed untranslated strings in com_weblinks (13608) * Fixed untranslated strings in com_contact (13626) * Fixed untranslated Strings in admin/mod_feed (13666) * Spacer values are now translatable (14308) * Fixed issue with JA_Purity spacer so that it is now translatable (14360) * Resolved remaining English string hard-coded in mod_search (14374) * String missing in en-GB.com_installer.ini (14389) * Resolved untranslated language string for "Email a Friend" feature (14395) * Tooltip language string in com_config corrected (13633) Administrator * Added better tooltip text for the Help Server Reset button in Global Configuration System Settings (12023) * Toolbar & value fixed for Media Manager button (12841) * JInstallerHelper Class Function description has been corrected (13574) * Help screens made (13616) * Remove default filter for Super Admininistrator and fix filter whitelist problem (13770) * Corrected error where Editor deleted content for default filter; UTF-8 compatibility is now enforced with JInputFilter (13901) * Removed old dev.joomla.org links (14227) System * query_batch corrected for SQL error (12247) * uri.php changes made in 1.5.7 no longer break back-end URLs if $live_site=Http has an uppercase H (12812) * JFolder::delete bug fixed when folder contain symbolic links on folders (12939) * Typo in sample_data.sql resolved (13549) * License correction for PHPMailer in CREDITS.php (13811) * Fixed error that resulted from invoking JDatabase::Query() more than once (13860) * Cache space is now correctly released (14317) * String bug for strspn() resolved (14339) * Weird characters removed from LICENSES.php file (14408) * Removed outdated link in the installer language file (14410) * Fixed typo in Cache Manager (14434) * Updated Archive_Tar to relicensed BSD version (12746)