
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN346
_____________________________________________________________________

DATE                : 07/07/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Joomla versions prior to 3.9.28.

=====================================================================
https://www.joomla.org/announcements/release-news/5840-joomla-3-9-28.html
_____________________________________________________________________

Joomla 3.9.28 Release

    Created: 06 July 2021



Joomla 3.9.28 is now available. This is a security release for the 3.x
series of Joomla which addresses 5 security vulnerabilities and contains
15 bug fixes and improvements.


What's in 3.9.28?

Joomla 3.9.28 includes 5 security vulnerability fixes and addresses
several bugs, including:


Security Issues Fixed

    [20210701] Low Severity - Low Impact - XSS in JForm Rules field
        (affecting Joomla! 3.0.0 through 3.9.27)
    [20210702] Low Severity - Low Impact - DoS through usergroup table
        manipulation (affecting Joomla! 2.5.0 through 3.9.27)
    [20210703] Low Severity - Moderate Impact - Lack of enforced session
        termination (affecting Joomla! 2.5.0 through 3.9.27)
    [20210704] Low Severity - High Impact - Privilege escalation through
        com_installer (affecting Joomla! 2.5.0 through 3.9.27)
    [20210705] Low Severity - Moderate Impact - XSS in com_media
        imagelist (affecting Joomla! 3.0.0 through 3.9.27)


Bug fixes and Improvements

    Update CA certificates #34693
    Smart Search: Fix inserting tokens to DB #34497
    Fix search suggestions for mixed-case searches #33942


Visit GitHub for the full list of bug fixes.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


