Joomla 1.5.10 Security Release

Security

One low-level and one moderate-level security issue were fixed in this release:

  • Moderate Priority: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
  • Low Priority: An XSS vulnerability exists in the category view of com_content.

For additional information, visit the Joomla Security Center.

Components

  • Article Alias no longer missing from Category Views (14228)
  • Section List now drills down correctly to a Category List with Global Content Filters (14510)
  • Web link Router now uses correct Category value (14705)
  • Article HTML filtering correct when only one Filter group selected (14758)
  • Tooltip Help corrected for Section, Category, and Article Alias (15007)
  • Sorting lists by values other than Order corrected (15107)
  • Archived Article Filter Function works correctly (15124)
  • Ampersand in site name no longer breaks Position value in vCard (15143)
  • Added “/” before URL in Remind Me and Password links for com_user (15215)
  • Search works properly using international characters with SEF enabled (15233)
  • Register to Read More in redirect URL correct for Section and Category Menu Items (15266)
  • Multiple Search Menu Items now return correct ItemID (15293)
  • com_media no longer incorrectly loads CSS files from the backend (15354)
  • Fixed invalid XHTML output in com_content and com_contact (15362)
  • Small errors in code comments corrected for com_user (15461)

Modules

  • Changing the module’s ‘Position’ value now correctly changes the value for the ‘Order’ listbox. (12119)
  • When Module is saved, Module’s cache is now cleared (12137)
  • Encoding behavior for quotes and ampersands corrected in Modules (13111)
  • Menu image alignment resolved (14071)
  • Menu Alias respects Active setting (14767)
  • Resolved tag error in mod_feed (14948)
  • Login Redirect returns to current page when no Redirect URL is specified (15376)

Plugins

  • Fixed ID tags used by openid.js (13285)
  • Pagebreak works correctly with JCE (14525)
  • Pagebreak outputs correct XHTML elements (14496)
  • Pagebreak accurately tracks active page (14558)
  • Pagebreak works correctly with Section tables (14827)
  • Caching error resolved for Remember Me function (14857)
  • Menu Item changes are now cached properly (14896)
  • SEF Plugin correctly handles “Data” attribute (15137)
  • Load Position no longer deletes dollar sign and next two positions, in Module output (15237)

Legacy

  • No legacy issues fixed for this release.

Templates

  • Beez: Correct Last Updated date used in Section Blog (14571)
  • JA Purity: All Article text no longer linked when Category presented (14286)
  • rhuk Milkyway: Correct authorEmail value (14439)
  • Corrected RTL issue for Site Title when mouse hovering over Template Logo (14945)

Language

  • Localization for user name corrected in registration form (14468)
  • Corrected localization issue for new Module (13999)
  • User details translatable (14710)
  • Localization corrected for installation of Component (14859)
  • Copy Menu Items function is now translatable (14944)
  • Pagebreak now translatable (15300)
  • Uninstalling a Component now has all Language Strings (15375)

Administrator

  • Categories are now sortable in reverse order by Order data element (14004)
  • Parameter Element ID for folderlist and filelist are correct (14514)
  • Date format correct for ‘checked out date’ (14381)

System

  • Installation of Extensions no longer fails when zip files are included (9701)
  • No longer missing l10n in JApplicationHelper::parseXMLInstallFile() (11798)
  • Resolved Javascript errors created by previous SEF Background Image Fix (13973)
  • Resolved problem with error handling in JFactory::getXMLParser (14022)
  • Case-sensitive image extensions (14059)
  • Atom feed validates correctly (14515)
  • JString::RTrim method is correct (14491)
  • Removed short open tag in admin.categories.html.php (14660)
  • JInstallerComponent::_rollback_menu() error resolved when getting DB Connector (14795)
  • File move now correctly returns “false” when not read or writable (14818)
  • Directory Permissions listed correctly for Temp and Log Folders (14865)
  • JFolder::folders no longer returns unnecessary warning (14875)
  • Setting Tooltip Offset works correctly (15006)
  • JArchiveZip::_extractNative() correctly identifies zip_open() failure (15044)
  • Installer.php parseMedia points to correct folder (15047)
  • Custom Install file upgraded on Component installation (15217)
  • Undefined index HTTP_USER_AGENT error fixed in behavior.php (15282)

Statistics

Statistics for the 1.5.10 release period:

  • Joomla 1.5.10 contains:
    • 68 issues fixed in SVN
    • 281 commits
  • Tracker activity resulted in a net decrease of 8 active issues:
    • 176 new reports
    • 133 closed
    • 68 fixed in SVN
  • At the time the 1.5.10 release was packaged, the tracker had 95 active issues:
    • 44 open
    • 40 confirmed
    • 11 pending
