1. Copyright and disclaimer --------------------------- This application is opensource software released under the GPL. Please see source code and the LICENSE file 2. Changelog ------------ This is a non-exhaustive (but still near complete) changelog for Joomla! 1.0, including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes. 3. Legend --------- * -> Security Fix # -> Bug Fix + -> Addition ^ -> Change - -> Removed ! -> Note 09-Feb-2008 Wilco Jansen # Fixed [9249] Unable to delete mambots # Fixed [6072] GPL url points to version "latest" (v3) instead of V2 in all files # Fixed [9013] Missing $mainframe in popups # Fixed [9413] Not authorized error in forced logout # Fixed [9321] Menu Name at menu manager is missing # Fixed [9250] Unable to uninstall Template and languages ! Thanks Jens-Christian Skibakk for providing patches 07-Feb-2008 Andrew Eddie # Fixed [#7276] mosMakePath sometimes leaves trailing / in the end of the path given to mkdir() # Fixed [#8844] Unescaped special characters with database::getEscaped() # Fixed [#7608] XSS attack with case sensitive flaw in input filter # Fixed [#6122] mosGetParam numeric check bug # Fixed [#6021] Backend full menu ACL corrections # Fixed [#9197] Wrong variable name in admin.menus.php # Fixed [#9198] Wrong variable name in admin.contact.php --------------- 1.0.14 RC1 Released -- [13-January-2008 23:00 UTC] --------------------- 13-Jan-2008 Andrew Eddie # Moved instantiation of frontend $my above login block 11-Jan-2008 Ian MacLennan # Fixed bug in search where small words were not being filtered out properly # Fixed problem in search with regex using too many resources (related to above) # Fixed 1.0 version of [#8404] Incorrect highlighting of search terms (as a byproduct) 07-Jan-2008 Andrew Eddie # Fixed where spoof values where same for anonymous and logged in users + Added "preview" link in admin template (similar to what is in version 1.5) 04-Jan-2008 Andrew Eddie * SECURITY [LOW level]: Fixed multiple typos in backend com_content making array integer check ineffective * SECURITY: Fix XSS attack in search results pages # Fixed bad &'s in wrapper.xml, mosimage.xml, mod_wrapper.xml and mospaging.xml # Fixed minor bug in com_weblinks where link empty # Fixed [#7650] Problem with if statement (?) in mod_related_items # Fixed [#8381] too many argument in com_search page header parameter # Fixed [#5318] mosPageNav::writePagesLinks adds trailing space to _PN_NEXT href # Fixed [#8599] Invalid Redirect URL of content_item_link menu item # Fixed [#7242] ACL: SQL errror when deleting user in joomla in backend (actually in mosUser::delete( $id ); ) 02-Jan-2008 Anthony Ferrara # Fixed delete issue with com_media in backend spoof check ^ added method param to josSpoofCheck to change checked variable 10-Aug-2007 Rob Schley * SECURITY A4 [LOW Level]: XSS issue in com_search # Fixed [topic,193707] Joomla! 1.0.13 Admin session dies for certain $task values ---------------------------------------------------------------------------------------- --------------- 1.0.13 Stable Released -- [21-July-2007 16:00 UTC] --------------------- 21-Jul-2007 Robin Muilwijk ^ (version.php) preparation for release 18-Jul-2007 Rob Schley # Fixed admin session problems with immediate logout after login. # Fixed a few misc. bugs. 11-Jul-2007 Sam Moffatt ^ Removed assumption that a group exists for a user (may not actually be true) 04-Jul-2007 Rob Schley # Fixed a bug in the administrator login system that prevented users from logging in 02-Jul-2007 Rob Schley * SECURITY A6 [LOW Level]: Fixed [#5630] HRS attack on variable "url" * SECURITY A1 [LOW Level]: Fixed [#5654] Multiple fields subjected to cross-site scripting vulnerabilities * SECURITY A7 [LOW Level]: Fixed possible session fixation vulnerability in administrator application 29-Jun-2007 Louis Landry ^ Hardened password storage mechanism to use a random salt ! Remember Me cookies will be invalid and require a re-login 20-May-2007 Rob Schley # Fixed key reference lookups to match whole results only # Fixed two help screen naming issues. ^ Changed RG_EMULATION warning message to refer to Global Configuration Setting 17-May-2007 Rob Schley ^ Moved register globals emulation controls into Global Configuration 15-May-2007 Rob Schley # Fixed [topic,170296] : Typos in Search Mambot configurations 14-May-2007 Rob Schley # Fixed [topic,153233] : "Mail to Friend" parameter checks not checking content item setings # Fixed [topic,126371] : IE7 left align problem # Fixed [topic,167745] : Added JavaScript alert for empty category title 28-Apr-2007 Rob Schley ^ Changed cookie naming conventions to not break when using HTTPS # Fixed [topic,156116] : Optimzed queries for menu creation to improve performance. * SECURITY A4 [ LOW Level ]: XSS issue in com_search and com_content * SECURITY A4 [ LOW Level ]: XSS vulnerability in mod_login 16-Apr-2007 Enno Klasing # Re-enabled Itemid behaviour of 1.0.11 (optional, default is behaviour of 1.0.12) ---------------------------------------------------------------------------------------- --------------- 1.0.12 Stable Released -- [25-December-2006 01:00 UTC] ----------------- 24-Dec-2006 Rob Schley # Fixed two hard coded alt tags + Added new language constant _BANNER_ALT ^ Preparations for Stable packaging # Removed local help screen content and replaced it with links to the online versions 19-Dec-2006 Rob Schley + Added 119 help screen files. ^ Changed 20 help screen titles. # Fixed several grammar problems throughtout the Joomla! core 18-Dec-2006 Enno Klasing # Fixed [artf5166] : Server Time offset issue, while submitting news # Fixed [artf6439] : https switchover 18-Dec-2006 Rob Schley # Fixed bug in offline.php when using the database class without a working database connection. # Fixed spelling and grammar mistakes in english.php as per suggestions. 15-Dec-2006 Enno Klasing # Fixed sample data: removed (nonexistent) RSS feed from OSM # Fixed redirect to installation directory: removed need for lowercase directory names 13-Dec-2006 Rob Schley # Fixed spelling and grammar errors in com_menus # Fixed changelog formatting. 13-Dec-2006 Enno Klasing + Added security warning message to the installer component # Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib * SECURITY A1 [ Medium Level ] : Removed unneeded legacy functions 12-Dec-2006 Enno Klasing # Fixed bug in TinyMCE: help screen disabled # Fixed IE7 display bug with mosTabs # Fixed [artf7028] : Two bugs in TinyMCE 11-Dec-2006 Enno Klasing # Fixed [artf7021] : Bug with com_messages and message titles including a single quote 10-Dec-2006 Rob Schley # Fixed grammar problems in SQL data. # Fixed grammar problem in com_config. # Fixed usages of "Joomla!" missing the exclamation point. 10-Dec-2006 Enno Klasing # Fixed [artf6762] : mos_section showing unexpected behavior # Fixed IE7 display bug in the toolbar of the polls component 07-Dec-2006 Rob Schley # Fixed [artf6863] : Changed the include file from template_css.css to offline.css to avoid conflicting styles 07-Dec-2006 Enno Klasing # Fixed [artf6296] : josSpoofCheck does not check arrays and generates php warning 06-Dec-2006 Marko Schmuck # Fixed [artf6884] : mosimage align=right causes problems in IE6 # Fixed [artf6779] : Link-URL containing character ] breaks 06-Dec-2006 Enno Klasing # Fixed [artf6922] : Registration not working as expected (JavaScript popups) 06-Dec-2006 Mateusz Krzeszowiec # Fixed [artf6832] : getItemid() function in joomla.php will not return correct $Itemid # Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib, continued # Fixed [artf6786] : sef.php and multilingual config 05-Dec-2006 Rastin Mehr # Fixed [artf6751] : Banner upload target directory bug # Fixed [artf6522] : Quotes in User Name breaks checkedOut overlib, fixed similiar bugs from another report 02-Dec-2006 Sam Moffatt # Fixed [artf6484] : com_registration bug (removed SQL error message) 01-Dec-2006 Enno Klasing # Fixed [artf6903] : Anchors to Frontpage in SEF-URLs # Fixed [artf6901] : LIMIT in MySQL queries # Fixed [artf6844] : Javascript escape bug for poll.php # Fixed [artf5788] : Frontpage content item category links enable section links 30-Nov-2006 Rastin Mehr # Fixed [artf6577] : Registration name, username & email cleanups: spaces not allowed 30-Nov-2006 Emir Sakic # Fixed [artf6841] : Submit Contact Form doesn't work with deactivated cookies # Fixed [artf6846] : Error with new document - without categories 30-Nov-2006 Mateusz Krzeszowiec # Fixed [artf6786] : sef.php and multilingual config 30-Nov-2006 Marko Schmuck # Fixed [artf6921] : [patch] fixing a bug on modules/mod_archive.php # Fixed [artf6876] : Orphan user information in phpGACL tables after user was deleted 29-Nov-2006 Mateusz Krzeszowiec # Fixed [artf6749] : bot mosloadposition stippes $ # Fixed [artf1527] : "open_basedir restriction" warning 28-Nov-2006 Enno Klasing # Fixed [artf6766] : Login form; you are not authorized... # Fixed [artf6765] : Login form problem # Fixed [artf6567] : Change error message for cookie test failure 27-Nov-2006 Enno Klasing # Fixed [artf6860] : Admin Login and PHP's session.auto_start 27-Nov-2006 Emir Sakic # Fixed [artf6865] : Relocate