One week after the call for help testing Joomla! 1.5.12 RC, the Joomla! Project release the final version of Joomla 1.5.12 [Wojmamni Ama Woi]. (The codename Wojmamni Ama Woi comes from Yaqui language spoken by aboriginals in America. It means the number 12.) This release contains a number of bug fixes and three moderate-level security fixes.
Here are the security fixes included in this version:
- Moderate Priority - Core - Frontend XSS. An attacker can inject JavaScript into URL to be executed on a user's browser.
- Moderate Priority - Core - Missing JEXEC check. Scripts may expose internal path information.
- Moderate Priority - Core - Frontend XSS. HTTP_REFERER is not properly parsed which may allow code injection.
A couple of important changes makes this release an important milestone for the Joomla Project. First, the upgrade of the PEAR library to the new BSD licensed version brings the codebase into full compliance with the GPL. In addition, this release contains an important upgrade to TinyMCE v 3.2.4.1.
See the full list of changes at Joomla! 1.5.12 Released page. Full and upgrade release packages can be downloaded there.