1.0.4 is available as a Full Package, which contains all Joomla! files, and as a Patch Package, which contains only the files changed by the security work.
1.0.4 Changelog
1.0.4 Version Information
Security Vulnerabilities
1.0.4 Critical Level Threats
- Potential XSS injection through GET and other variables
  - Affects all previous versions of Joomla! and Mambo 4.5.2.3
- Hardened SEF against XSS injection
  - Affects all previous versions of Joomla! and Mambo 4.5.2.3
Low Level Threats
- Potential SQL injection in Polls modules through the Itemid variable
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
- Potential SQL injection in several methods in mosDBTable class
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
- Potential misuse of Media component file management functions
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
- Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
Upgrade Instructions
- To update from Joomla! 1.0.3, simply overwrite your existing files with those from the 1.0.3 to 1.0.4 Patch Package
- To update from Joomla! 1.0.2, simply overwrite your existing files with those from the 1.0.2 to 1.0.4 Patch Package
- To update from Joomla! 1.0.1, simply overwrite your existing files with those from the 1.0.1 to 1.0.4 Patch Package
- To update from Joomla! 1.0.0, simply overwrite your existing files with those from the 1.0.0 to 1.0.4 Patch Package
Conversion Instructions
Migration instructions
Joomla 1.0.4 Full package
Thank you to the community for their continued assistance in helping us make Joomla 1.0.x more stable.
Rey Gigataras
Stability Team Leader