Joomla 3.8.13 Security Notes

From Joomla! Documentation

Revision as of 09:14, 15 October 2018 by MartijnM (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Deutsch • ‎English • ‎Nederlands • ‎eesti • ‎español • ‎français • ‎svenska

Joomla 3.8.13 Security Notes[edit]

New ACL Verification on approving an user after email notification[edit]


As of 3.8.13, Joomla is securing the process on approving an user after an email notification by requesting the administrator, who is going to approve the request, to login into the frontend. After the administrator logged in, they are redirected to the activation URL and the account is activated. The main reason is that we have got some reports on "auto approvings", done by antivirus software checking any URL send by email.

Improved security for the Joomla Update Component[edit]

As of 3.8.13, Joomla is locking down the Joomla Update Component to Super Administrators only, as this component is by design intended to apply changes to the core of the CMS and by also processes sensitive data related to site updates. Therefore we decided that this component and its feature should be restricted to Super Administrators only.