Security Patch for JomSocial 1.5 and 1.6

JomSocial team just released a security update for JomSocial 1.6 and JomSocial 1.5. This patch addresses an issue where attackers might be able to execute arbitrary javascript with a carefully crafted content. The patch will secure all exploitable holes in current and previous version of JomSocial.
 
We would recommend all of our customers to apply the patch immediately.

To install this patch:

1. Download the attached file and unzip it
2. Upload the files in 'frontend' folder to /components/com_community/
3. Upload the files in 'backend' folder to /administrator/components/com_community/
4. Upload the files in 'modules' folder to /modules/
5. Upload the files in 'plugins/plg_groups/groups.php' file to /plugins/community/

Download links:

JomSocial 1.6.288
JomSocial 1.5.248
JomSocial 1.2.206

Up to date, we haven't received any report on such attacks from live websites and this vulnerability is found by our internal security audit team.

Please take note that we have only tested the patches on the 1.6.288 , 1.5.248 and 1.2.206 releases. The patches have also been deployed in our latest stable release 1.6.289 which can be downloaded from your account area at http://jomsocial.com/download.html