Sonntag, 03 Januar 2010 12:43

Dominion 1.5.1 Update Released

The Dominion Joomla 1.5 template has been updated to version 1.5.1 and has various fixes, including fixing the config per menu items, adding some missing images and fixing the menu.

To update your template, either download the latest template packages from the Dominion download section and replace your template, or if you have made customizations, a listing of the changed and added files and directories is listed below:

Joomla 1.5

Version: 1.5.1
  • Fixed per menu item params saving
  • Fixed some references to outdated images
  • Added styling and images for fontsizer feature
  • Fixed menu dropdown offsets when using no js option in fusionmenu
  • Fixed typos in admin tooltips
Changed Files (template) - Located in the /templates/rt_dominion_j15 directory upon installation:
  • /templateDetails.xml
  • /params/index.html
  • /custom/index.html
  • /css/fusionmenu.css
  • /css/style1.css
  • /css/style2.css
  • /css/style3.css
  • /css/style4.css
  • /css/style5.css
  • /css/style6.css
  • /css/template-ie7.css
  • /css/template.css
  • /gantry.config.php
  • /images/body/dark/fontsizer.png
  • /images/body/light/fontsizer.png
  • /lib/gantry/core/gantry.class.php
  • /lib/gantry/admin/widgets/gantry.js
  • /lib/gantry/admin/menuitemhead/js/menuitemhead.js
More Details here
Published in Template Updates
Montag, 02 November 2009 02:03

[20091103] - Core - XML File Read Issue

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.14 and all previous 1.5 releases
  • Exploit type: Extension Version Disclosure
  • Reported Date: 2009-October-13
  • Fixed Date: 2009-Nov-03

Description

It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.

Solution

Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will deny access to XML files. You can incorporate this code (or similar code) into your .htaccess file. Be sure to test that it does not cause problems on your site.

Reported by WHK and Gergő Erdősi

Contact

The JSST at the Joomla! Security Center.

Published in Sicherheitsmeldungen