Wednesday, 29 December 2010 20:57
Thanks for doing this research. I hope it instigates more competition and interest in security related extensions and best practices for site owners. The lack of automated internal updates for most extensions and often any sensible, simple, new version release notices is a major drawback for the way it adds risk and maintenance costs to Joomla sites. On th jXtended Comments exploit, why hasn't this been openly addressed? I've seen scripted attacks on it since June.
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.