The entire security update can be downloaded here

Joomla 1.5.15 upgrade patch files are here  

 

Important changes:

  • .htaccess change that prevents looking at your extensions XML file
  • PHP 5.3.x compatibility (except of OpenID library)
  • Core components caching

Notable bugfixes:

  • TinyMCE is now working properly - all remaining bugs created by the recent TinyMCE upgrade should be gone now
  • Mootols were upgraded to 1.12 to ensure future compatibility with Firefox 3.6
Complete details of the changes above can be read here .

 

[20091103] - Core - Front-End Editor Issue

Posted: 03 Nov 2009 08:31 AM PST

  • Project: Joomla!
  • SubProject: com_content
  • Severity: Moderate
  • Versions: 1.5.14 and all previous 1.5 releases
  • Exploit type: Front-End Editing
  • Reported Date: 2009-September-05
  • Fixed Date: 2009-November-03

Description

When logged into the front end with Author access, it was possible to replace an article written by another user.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.

Solution

Upgrade to latest Joomla! version (1.5.15 or newer).

Reported by Hannes Papenberg

proudly-canadian-flag.gif
Best Canadian Web Host for Joomla



Joomla Web Hosting Canada RSS Feed