This release continues Joomla 4’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.
Security issues fixed with 4.3.2
- [20230501] Low Severity - Low Impact - Low Probability - Open Redirect and XSS within the mfa selection (affecting Joomla! 4.2.0 - 4.3.1) More Information
- [20230502] Moderate Severity - Critical Impact - Low Probability - Bruteforce prevention within the mfa screen (affecting Joomla! 4.2.0 - 4.3.1) More Information
This version fixes issues encountered during the update process by a number of users. In particular this release addresses:
Accessibility
- hide table headers in tables rather than omit them when 'show headings' is set to 'no'
- aria-label not translated in com_banners
- reset statistics on banner duplication
- cannot batch copy banners
- cannot batch copy contacts
- Content component improved validation when only positive integers are allowed
- TinyMCE prevents white text on a white background in preview
TinyMCE editor plugin language of parts fails if subform fields are empty
Codemirror corrects path for keybinding script
- re-introduction of specific layouts to render Contact custom fields
- calendar type min/max year
- PHP warning when preparing Text field
- escaping of data on update or new installs is unnecessary for the 'extensions' column
- banners tour is skipping a few fields
- order of the tours in the modal should no be sorted automatically, use the tour's view order instead
- replace 'an error occurred' with 'this file type is not supported'
- refactor the session fallback
- remove warning in console
- tag needs to be quoted before being passed onto the regular expression
- newly created mail template is not properly recorded in the database (missing extension data and double arrayed tags)
- add padding to highlighted search words in smart search
detect whether Memory engine is supported
- router issues on multilingual sites, breaking old URLs
hide the filter_tag parameter from the URL when the menu item is created with category type and filtering by tag or tags
- template parameter invalid json string
- template manager PHP 8.1 warnings removal
- missing Cassiopeia black color variable
- Cassiopeia menu breakpoint for hamburger to prevent vertical menu
- javascript error on login page when MFA
- Text() not found on user login
- category access levels should not apply to users having core.admin access
- User groups tab use invalid checkbox ids
- Module positions do not show in com_user settings
- removed login message on login in the frontend
- Fix submit button focus on frontend MFA captive login page when using Webauthn
- allow new category when no other category exists
- when a component is disabled, menu items' icon should show 'component not found' and represent a warning rather
- than a cross with 'publish item' tooltip
- improved messaging when an extension is missing checksum information (hash codes proving the file is genuine)
- Articles categories module caching no longer fails
- make schedule runner/keepalive work with adblockers/no script
- remove any spaces from the disable_functions string in the php.ini before exploding into an array for checking and prevent error
- undefined key in HTMLDocument setBuffer
- PluginHelper::getLayoutPath should work in CLI (in non web context)
- show empty state layout only when cache contains no data
- improved RSS page title
- update of the help table of content
- PHP 8.2 warnings in Multilingual Sample Data plugin
- list-view .js should work with Ajax content
Download
Full announcement + download links: https://www.joomla.org/announcements/re ... lease.html
Discussion Forum: viewtopic.php?f=9&t=1001997