XSS and information disclosure vulnerabilities were addressed

Apr 4, 2012 13:20 GMT

The Joomla Project has released Joomla 2.5.4. The latest version contains 3 new features and a large number of fixes that address problems affecting previous versions.

The new features include the option to show the full CMS version number in the generator tag, access level for content languages, and an improvement in the auto-update process to make it more reliable across different hosts.

On the security side, a low-priority information disclosure error, which allowed an attacker to view some administrative backend details without authorization, was resolved. Prior versions were also affected by an inadequate filtering issue in the update manager, which led to a cross-site scripting (XSS) vulnerability.

Joomla 2.5.4 also comes with fixes for 157 tracker problems.

Users are advised to update to the latest version, not only to protect themselves against potential attacks, but also to benefit from the new features.

Joomla 2.5.4 is available for download here.