Joomla CMS with new security features
Version 1.0.13 of the Joomla! content management system is a security release which primarily fixes multiple cross-site scripting vulnerabilities in com_search, com_content, mod_login and in the administrator front end. In addition, there are a number of improvements and new security features. Password storage has been revised to offer better protection of passwords. In addition, the new version offers better control and configuration of the emulation of the PHP register_globals option. Enabling register_globals in the PHP configuration has long been a popular means of opening up a system to attackers. In addition, administrator web sessions should in future be more secure against session fixation and hijacking attacks. The transition between unencrypted and SSL encrypted pages should also now function smoothly.
Before updating to version 1.0.13, users should, however, read through the documentation carefully, as the new password storage system involves radical changes. According to the release announcement, as a result of these changes some third party extensions may no longer function. In particular, users should check whether updates are available for bridges such as Community Builder, Virtuemart, etc.. An update is already available for Virtuemart.
- Joomla! 1.0.13 Released, report from joomla.org