Joomla update takes care of new security holes
In addition to more than 40 errors not relevant to security, version 1.0.10 (Sundown) of the Joomla! Open Source content management system remedies a total of nine weak points that affect security. Developers have categorized three of the weak points as "high-level threats" because they allow for SQL injections. Attackers could use them to get access to a database via prepared user parameters. In addition, three cross-site scripting holes were closed along with various smaller holes. Developers highly recommend switching to the new version immediately.
- 1.0.10 Changelog, report from developers
(ju)