Joomla! 1.0.10 [ Sundown ] is available for download as of Monday 26th June 2006 04:00 UTC.
All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL previous versions of Joomla!.
1.0.10 contains the following important security fixes:
- 03 High Level Security Fixes
- 01 Medium Level Security Fixes
- 05 Low Level Security Fixes
- 40+ General bug fixes
If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.10.
1.0.10 is available as a Full Package, which contains all Joomla! files, and as Patch Packages, which contain only the files that have been changed by the Stability work conducted since previous Joomla! 1.0.x versions.
- 1.0.10 Download
- 1.0.10 Version Information
- 1.0.10 Changelog
- 1.0.10 Package File MD5 checksums
Security Fixes
Joomla! 1.0.10 contains nine (09) fixes for High, Medium and Low Level Security Vulnerabilities.
03 - HIGH Level Threats fixed in 1.0.10
A1 Unvalidated Input
- A1 - Secured `Remember Me` functionality against SQL injection attacks
- A1 - Secured `Related Items` module against SQL injection attacks
- A1 - Secured `Weblinks` submission against SQL injection attacks
01 - MEDIUM Level Threats fixed in 1.0.10
A4 Cross Site Scripting
- A4 - Secured SEF from XSS vulnerability
05 - LOW Level Threats fixed in 1.0.10
A1 Unvalidated Input
- A1 - Hardened frontend submission forms against spoofing
- A1 - Secured mosmsg from misuse
- A1 - Hardened mosgetparam by setting variable type to integer if default value is detected as numeric
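The mosgetparam hardening listed above, sketched as an added example that is not Joomla!'s own source: the function name `get_param()`, its signature and the sample request values are assumptions made for illustration. It models only the rule stated in the changelog line, that a numeric default value causes the request value to be forced to an integer.

```php
<?php
// Illustrative model only: NOT the mosGetParam source from Joomla! 1.0.10.
// get_param() is a hypothetical helper built from the changelog wording.

function get_param(array $arr, string $name, $default = null)
{
    if (!isset($arr[$name])) {
        return $default;
    }
    $value = $arr[$name];

    // Hardening step from the changelog: a numeric default signals that the
    // caller expects a number, so the request value is forced to an integer.
    if (is_numeric($default)) {
        return (int) $value;
    }

    // Non-numeric default: the value stays a string. The caller must still
    // escape or bind it before it reaches SQL or HTML output.
    return is_string($value) ? trim($value) : $value;
}

// Constructed sample request data (not taken from the page).
$request = [
    'id'    => '7 OR 1=1',   // hostile text sent to a field expected to be numeric
    'limit' => '25',
    'title' => '  Hello  ',
];

// Each case pairs a parameter name with the default the caller supplies.
$cases = [
    ['id', 0],        // numeric default: value is coerced to int
    ['limit', 10],    // numeric default: value is coerced to int
    ['title', ''],    // string default: value is left as a string
    ['missing', 5],   // key absent: the default is returned unchanged
];

foreach ($cases as [$name, $default]) {
    var_dump(get_param($request, $name, $default));
}
```

Under this model the protection depends on the call site: a caller that passes no default, or a string default, gets no integer coercion and must validate the value itself.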
A4 Cross Site Scripting
- A4 - Secured com_messages from XSS vulnerability
- A4 - Secured getUserStateFromRequest() from XSS vulnerability
High Level Vulnerabilities
1.0.10 fixes 2 High Level security vulnerabilities that affect all previous versions of Joomla! 1.0.x series.
All Joomla! users are advised to upgrade to Joomla! 1.0.10.