#JUGL meetings are held on the 3rd Tuesday of each month


Official Joomla! Announcements

Syntaxo highlights your code and is a magic multi-syntax tool.


  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.8.13 through 3.9.6
  • Exploit type: Incorrect Access Control
  • Reported Date: 2019-April-10
  • Fixed Date: 2019-June-11
  • CVE Number: CVE-2019-12764

Description

The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.

Affected Installs

Joomla! CMS versions 3.8.13 through 3.9.6

Solution

Upgrade to version 3.9.7

Contact

The JSST at the Joomla! Security Centre.

 


  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.9.0 through 3.9.6
  • Exploit type: CSV Injection
  • Reported Date: 2019-April-29
  • Fixed Date: 2019-June-11
  • CVE Number: CVE-2019-12765

Description

The CSV export of com_actionslogs is vulnerable to CSV injection.

Affected Installs

Joomla! CMS versions 3.9.0 through 3.9.6

Solution

Upgrade to version 3.9.7

Contact

The JSST at the Joomla! Security Centre.

Reported By: Jose Antonio Rodriguez Garcia and Phil Keeble (MWR InfoSecurity)


  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.6.0 through 3.9.6
  • Exploit type: XSS
  • Reported Date: 2019-January-01
  • Fixed Date: 2019-June-11
  • CVE Number: CVE-2019-12766

Description

The subform fieldtype does not sufficiently filter or validate input of subfields, which leads to XSS attack vectors.

Affected Installs

Joomla! CMS versions 3.6.0 through 3.9.6

Solution

Upgrade to version 3.9.7

Contact

The JSST at the Joomla! Security Centre.

Reported By: Volkmar Schlothauer, ghsvs.de


THE ORIGINS OF JOOMFLOWS
Behind the Joomflows component is a group of three companies specializing in the creation of high-added-value websites: intranet, extranet, community sites or e-commerce. Through the various specifications that we receive, we noticed that many processes did not require direct treatment but a follow-up action, a framework of work. And since most of our clients are not monolithically structured, actions depend on multiple people or multiple services. The need to create a Workflow Manager was born.

Let's take an example; it will be easier to understand.

One of our clients is a training center that we could call a "Pure Player" in the sense that all its activity is based on its website. Student management work ranges from registration on the site to graduation. Between these two milestones, a year of administrative management can go by, and the file can pass from the registration service to the accounting department and then to the support service, exams, etc.

At each stage the processes will have to be checked, validated and sent to the next step.

Many of you surely work with heuristic maps; here is the simplified version of the registration part required by the specifications of this project.

This diagram makes it possible to understand the interactions between the different actors: the future student, from whom the registration service of the training organization requests supporting documents, and the accounting department, all of this via emails with attached documents to be completed or signed. The origin of Joomflows comes from this diagram and our desire to transform a long and complicated workflow into a simple series of actions to create and administer.
