I've just released a raft of updates for our template Framework and some of our popular Joomla Extensions. Please note that information related to potential security vulnerabilities on some of our extensions is below.
An update to the Zen Grid Framework
The framework release fixes a number of issues that have popped up since the release of our Responsive Joomla template a few weeks ago. You can read the full run down of the changes in the Zen Grid Framework 2 changelog.
JCE JB Type Plugin available for JCE v2
Last night I also released the JCE JB Type plugin v2.0 (compatible with JCE v2.x) that puts the ease of our typography plugin right inside the JCE Joomla content editor. I want to send a very special thanks to Ryan Demmer for putting this JCE plugin together for us.
The JB Type plugin, jTweet and jFlickr modules have also had small although significant updates. They are all now available as a unified package which means you know longer have to worry about which version of the extension to download. The packages will install on Joomla 1.5 and Joomla 1.7.
A few days ago I notified the VEL Team that a number of our extensions had potential security issues. The issues related to missing no direct acces statements that could in some server configurations lead to a full server path disclosure. All users of the following modules are advised to update to the latest version in order to cover any potential issues: JB Slideshow3, CaptifyContent, Microblog and Bamboo Box.
This vulnerability is only evident on servers that have display_errors set to on and when a user attempts to access one of the admin interface elements directly. If in doubt then please ensure that you update to the latets version.
Users of the captifyContent module can download the latest version for free form the captifyContent download page.
- Captify Content - All versions prior to v1.0.1 of the unified package.
- Microblog - Joomla 1.7 only. Versions prior to v1.10.3
- JB Slideshow - Joomla 1.5 and Joomla 1.7 versions prior to v3.5.1
- Bamboo Box - J1.5 all versions prior to 1.2.2