Joomla 5.1.4 and 4.4.8 Security and Bug Fix Release

Joomla 5.1.4 and 4.4.8 Security and Bug Fix Release

The Joomla! Project is pleased to announce the release of Joomla 5.1.3 (5.1.4) and 4.4.7 (4.4.8). This is a security and bug fix release for the 5.x and 4.x series of Joomla.

This release continues Joomla’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.

Security Fixes
[20240805] - Core - XSS vectors in Outputfilter::strip* methods
[20240804] - Core - Improper ACL for backend profile view
[20240803] - Core - XSS in HTML Mail Templates
[20240802] - Core - Cache Poisoning in Pagination
[20240801] - Core - Inadequate validation of internal URLs
Please note: the security fixes include two behaviour changes that might affect existing sites. For more information see the 5.1.3 release FAQ page.

Bug fixes and Improvements with 5.1.3
Update TinyMCE to version 6.8.4 (#43808)
Fix attachment handling in Mail class (#43828)
Delete Schema.org data after deleting an item (#43839)
Remove testing channel from CLI (#43764)
Fix frontend language multilingual without compatibility plugin (#43791)
Remove unneeded variables (#43763)
ModalSelect: Fix missing token (#43745)
Fix secure flag for session cookies (#43882)
Fix encoding in popup links (#43874)
Fix header translation for modal select fields (#43878)
Fix Javascript error for radio buttons in sublayout (#43804)
Fix relative URLs in private messages (#43897)


The full list on GitHub is here: https://github.com/joomla/joomla-cms/milestone/130?closed=1