The security holes are SQL Injection, XSS, and unauthorized logins

Mar 7, 2014 10:52 GMT  ·  By

Joomla 3.2.3 is available for download. The latest release addresses a total of more than 40 bugs, four of which are security issues.

The list of vulnerabilities includes one high-priority core SQL injection, two medium-priority cross-site scripting (XSS) issues, and one medium-priority unauthorized login flaw.

The SQL injection vulnerability, caused by inadequate escaping in core code, impacts versions 3.1.0 through 3.2.2. The issue was reported to the Joomla! Security Center on February 6, 2014.
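The advisory gives "inadequate escaping" as the cause without further detail, so the following is an added, generic illustration of that failure mode and its fix, written for this page in Python with SQLite; it is not Joomla's code and does not reproduce the actual Joomla bug. Escaping quotes is only a defence when the value lands inside a quoted literal; a value concatenated into a numeric position passes straight through, which is the gap shown here. The table, rows, and attacker input are all constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data; not the Joomla schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)",
        [("alice", 0), ("bob", 0), ("admin", 1)],
    )
    return conn


def escape_quotes(value):
    """Escape single quotes for use inside a SQL string literal.

    Adequate only when the value is placed between quotes. It does nothing
    for a value concatenated into a numeric position, which is the kind of
    gap that turns "escaped" input into an injection.
    """
    return str(value).replace("'", "''")


def username_by_id_vulnerable(conn, user_id):
    # The id is concatenated unquoted, so quote escaping protects nothing:
    # the input "1 OR is_admin = 1" becomes part of the WHERE clause.
    sql = (
        "SELECT username FROM users WHERE id = "
        + escape_quotes(user_id)
        + " ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def username_by_id_fixed(conn, user_id):
    # Enforce the expected type, then bind the value as a parameter so the
    # driver never lets it change the query's structure.
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("user id must be an integer")
    sql = "SELECT username FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (uid,))]


def usernames_like_fixed(conn, fragment):
    # String context: binding handles quoting, and LIKE wildcards are
    # escaped explicitly so user input cannot widen the match either.
    pattern = (
        fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
    )
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "1 OR is_admin = 1"  # attacker-controlled input, constructed here
    print(username_by_id_vulnerable(conn, "1"))      # ['alice']
    print(username_by_id_vulnerable(conn, payload))  # ['alice', 'admin']
    try:
        username_by_id_fixed(conn, payload)
    except ValueError as exc:
        print("rejected:", exc)
    print(usernames_like_fixed(conn, "a"))           # ['alice', 'admin']
    print(usernames_like_fixed(conn, "%"))           # []
```

The hardened functions rely on type enforcement plus parameter binding rather than on escaping at all; escaping that is correct in one context (a quoted string) is silently wrong in another (a bare integer or a LIKE pattern), which is exactly how an "inadequate escaping" bug arises.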

One of the XSS flaws impacts "com_contact" in versions 3.1.2 through 3.2.2. The vulnerability was reported earlier this month. The second XSS, reported on March 5, affects versions 2.5.18 and earlier 2.5.x releases, and 3.2.2 and earlier 3.x releases.

The unauthorized login flaw stems from inadequate checking that could be exploited through Gmail authentication. The affected versions are 2.5.18 and earlier 2.5.x, and 3.2.2 and earlier 3.x releases. The vulnerability was reported on February 21, 2014.

CVE identifiers are pending for all the fixed security holes.

Joomla users are advised to update their installations immediately. You can download the latest version of Joomla from Softpedia's Scripts page. The release was created and tested by dozens of individuals; a complete list of names is available on the Joomla website.