In association with heise online

04 April 2012, 12:43

Joomla! 2.5.4 closes more security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Joomla logo Two weeks after its last security update, the Joomla! project has published another update to the 2.5.x branch of its open source content management system (CMS) which addresses two vulnerabilities. Version 2.5.4 of Joomla! closes an information disclosure hole that allowed unauthorised access to administrative information and fixes a problem that could have been exploited by an attacker to conduct cross-site scripting (XSS) attacks. Versions 2.5.0 to 2.5.3 are affected.

The update to Joomla! 2.5 also adds three new features, including an option to show the full CMS version number in the generator tag, and fixes more than 150 bugs. All users are advised to upgrade.

A full list of changes and fixes can be found in the release announcement and in the security advisories. Version 2.5.4 of Joomla! is available to download from the project's site and is licensed under the GPL.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1501510
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit