Joomla! 4.2.4 Released
Joomla 4.2.4 is now available. This is a security release for the 4.x series of Joomla which addresses 2 security vulnerabilities.
Security issues fixed
- [20221001] Low Severity - Critical Impact - Disclosure of critical information in debug mode (affecting Joomla! 4.0.0 - 4.2.3)
- [20221002] Low Severity - Low Impact - RXSS through reflection of user input in headings (affecting Joomla! 4.0.0 - 4.2.3)
As the main issue focuses on the site having its debug mode set to Yes, the quickest way to help your site while backing up and preparing for the update is to simply switch “Debug System” to No if it is switched currently on.
Debug is located in the Global Configuration area of your site under the System tab.
If you are running a publicly accessible Joomla 4.x site which had debug mode enabled for a significant timeframe, we strongly recommend checking the site for suspicious activity as the issue has been observed to be exploited in the wild by at least one actor.
At the point of pushing the changes, some of the bug fixes that were intended for the next planned release made their way into this release.
Visit GitHub for the full list of 4.2.4 fixes
Click here for full release information.
We are familiar with the implementation of the upgrade and are currently upgrading multiple sites CONTACT US for a free proposal to update your site.