Mambo Developer

Team Mambo Announces Release of Mambo 4.6.5

Mambo 4.6.5, codename "Jupiter", has been released. This is a maintenance and security release which fixes some potentially serious security vulnerabilities affecting all earlier versions of 4.6. It is recommended that all 4.6+ users update to 4.6.5 as soon as possible. Instructions for upgrading are included in the release, which you can download from the Mambo Code Forge here.

What's Changed?

Hardened security in /includes/Cache/Lite/Output.php (thanks go to ZonaNet for reporting this issue);
Fixed includes/core.classes.php - local file include vulnerability (thanks to George from tenablesecurity.com);
Additional security hardening:
A number of bug fixes.

Release Notes:

• # fixed, FS#379 - Module titles on custom modules no longer showing
• # wrong Itemid generation
• ! extra validating for include paths at administrator popups load
• ! extra validating for include paths at _setTemplate
• + adding _VALID_MOS validation to Cache\Lite\Output.php
• # bug fix - FS#342 - email validation
• # bug fix - FS#350 - Back end Menu Manager - menu entry titles are centred in column breaking
• + Modification to allow redirect to content after edit/cancel - FS#355
• # bug fix - FS#371 - add to check permission folder
• # fixed - FS#162 - Uploaded Banner Popup lacks CSS styling
• # updating extensions version numbers for release with Mambo 4.6.5
• # Fixed - FS#351 - Radio buttons not aligned with text