Security Patch for JomSocial 1.6.x
We have released an update to JomSocial 1.6, bringing the version number to 1.6.291, to fix a recently found security issue. This patch addresses an issue where attackers might be able to execute arbitrary JavaScript. We recommend that all of our customers apply the patch immediately.
To install this patch:
- Download the file below
- Unzip it and copy it to your /components/com_community/ folder
- Also make sure that all your modules and plugins are up to date
Download links
Alternatively, if you have little or no template customization, you may download the latest build and simply install it over your current version without uninstalling the older version.
For JomSocial 1.6 builds older than 1.6.288, please make sure you have applied the previous JomSocial update, announced here.
For JomSocial 1.5 and 1.2 with the March 31 2010 patch, you may simply install this plugin instead. It will plug the non-persistent XSS security issue without having to patch the file.
Please note that we have only tested the patches on the 1.6.x releases. The patches have also been deployed in our latest stable release, 1.6.291, which can be downloaded from your account area at http://jomsocial.com/download.html. If you are using the unsupported 1.7 or 1.8 release, a new build will be published shortly.
Impact: Moderate
Severity: High
Exploit type: XSS Injection
Reported Date: 2010-June-22
Fixed Date: 2010-June-22