Joomla

Post by **KALSTER** » 22 Apr 2010, 22:38

Joomla Remote

Looks pretty interesting! Trying it out now.

doo_much · Post by **doo_much** » 23 Apr 2010, 09:27

Stuart wrote: My biggest gripe with Joomla so far was that there was no simple, Joomla-certified way to update your site from 1.0 to 1.5. We have a LOT of content on our church website, and it took me MONTHS to figure out how to successfully transfer content across. I sincerely hope that they're not going to make the same mistake when they release 2.0.

On another note, I've been surprised to see how long 1.5.15 has lasted without a security update. Either they did a really good job of it or they are not updating like they should. In the past, updates have been rather frequent. But this particular release has stayed current for a long time now.

I luckily only ran into it post 1.0!

And since I'm a horrible webmaster I have weasel do all my security updates for me - I'm too lazy!

KALSTER wrote:
Joomla Remote
Looks pretty interesting! Trying it out now.

It looks pretty interesting but it actually kinda sux.

doo_much · Post by **doo_much** » 25 Apr 2010, 11:37

Stuart wrote: On another note, I've been surprised to see how long 1.5.15 has lasted without a security update. Either they did a really good job of it or they are not updating like they should. In the past, updates have been rather frequent. But this particular release has stayed current for a long time now.

It seem that your wish is their command!

Joomla! Security News

* [20100423] - Core - Negative Values for Limit and Offset
* [20100423] - Core - Installer Migration Script
* [20100423] - Core - Sessation Fixation
* [20100423] - Core - Password Reset Tokens

[20100423] - Core - Negative Values for Limit and Offset

Posted: 23 Apr 2010 10:31 AM PDT

* Project: Joomla!
* SubProject: All
* Severity: Moderate
* Versions: 1.5.15 and all previous 1.5 releases
* Exploit type: information Disclosure
* Reported Date: 2010-Feb-21
* Fixed Date: 2010-Apr-23

Description

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.
Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.
Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Security List
Contact

The JSST at the Joomla! Security Center.

Post by **Stuart** » 25 Apr 2010, 11:56

Woohoo. 1.5.15 introduced some other minor irritations for me. Let's hpe they're fixed now.

doo_much · Post by **doo_much** » 25 Apr 2010, 14:26

Let me know.

I'm waaaay to lazy to do it myself!

PCFormat Forum Archive

Joomla

Re: Joomla

Re: Joomla

Re: Joomla

Re: Joomla

Re: Joomla