New Release: Joomla 6.1.1 & 5.4.6 Security & Bugfix

Release date: May 27, 2026 (Japan time)
Release contents:
Security fixes
- [20260501] - Core - XSS in feed modules
- [20260502] - Core - XSS in com_associations
- [20260503] - Core - XSS in com_contenthistory
- [20260504] - Core - XSS in readmore links
- [20260505] - Core - CSRF in user activation endpoint
- [20260506] - Core - Authenticated blind SQLi in com_finder
- [20260507] - Core - Authenticated blind SQLi in com_tags
- [20260508] - Core - Improper access check in com_config webservice endpoints
- [20260509] - Core - LFI in HTMLView layout parameter
- [20260510] - Core - Path traversal in com_media webservice endpoint
- [20260511] - Core - MFA Authentication Bypass
- [20260512] - Core - MFA Authentication Bypass
- [20260513] - Core - Privilege escalation through com_users batch task
- [20260514] - Core - Privilege escalation through com_users webservice endpoints
- [20260515] - Core - Incorrect Access Control in sample data plugins
- [20260516] - Core - Incorrect Access Control in com_scheduler
- [20260517] - Core - Incorrect Cache Key Construction for InputFilter objects
- [20260518] - Core - Transport encryption downgrade for password and username reset links
- [20260519] - Framework - Inadequate content filtering within the checkAttribute filter code
- [20260520] - Framework - Inadequate content filtering within the cleanAttributes filter code
Bug fixes and improvements
The following bug fixes are included in Joomla! 6.1.1 and Joomla! 5.4.6 (all 5.4 bug fixes are also up-merged into 6.1):
- #45145 [5.4] Bug fix : incorrect error thrown while renaming file by @hiteshm0
- #47307 [5.4] Fix accessibility issue with Back-to-Top link by @ankushx01-dev
- #47413 [5.4] Prevent misleading save failure when mail notification fails by @krishnagandhicode
- #47423 [5.4] Improve substring search in Fancy Select by @adarshdubey03
- #47476 [5.4] Add missing page parameter to contentEventArguments - Article Module by @LadySolveig
- #47480 [5.4] Fix incorrect bind parameter key in Category HTML helper by @janschoenherr
- #47533 [5.4] Fix ECB mode validation typo in OpenSSL AES adapter and align related docs by @mateeaaa
- #47546 [6.1] Show preselected value in fancy select by @krishnagandhicode
- #47557 [6.1] Catch punycode conversion exceptions to prevent crash by @hiteshm0
- #47565 [5.4] Attachments are a list of objects by @laoneo
- #47574 [6.1] override background colour of .is-selected class in dark mode by @hiteshm0
- #47586 [5.4] Fix Category Custom Fields Loading by @CSGoat0
- #47590 [5.4] Fix deletion of update archive after core autoupdate by @SniperSister
- #47599 [6.1] Make collapsible default menu overridable by @drmenzelit
- #47601 [6.1] Fix: Debug plugin crash with Query Explain on AJAX requests by @hiteshm0
- #47602 [6.1] Add AJAX error message scripts for improved menu item editing feedback by @brianteeman
- #47604 [5.4] Replace tags when converting from html to plain body by @laoneo
- #47616 [5.4] Add translate format so that the last check time of the auto updater is actually shown by @zero-24
- #47617 [6.1] Fix missing closing angle bracket for fieldset in repeatable layout by @iteidrm
- #47640 [6.1] Fix publishing fields not shown on create article form by @joomdonation
- #47642 [5.4] Correct aria-posinset to start from 1 [a11y] by @brianteeman
- #47644 [5.4] Missing table column header [a11y] by @brianteeman
- #47646 [6.1] Prevent fatal error when getTemplate method is called in API application by @joomdonation
- #47650 [5.4] Fix RTL toolbar dropdown alignment in admin by @krishnagandhicode
- #47653 [5.4] Language Installation Info [a11y] by @brianteeman
- #47659 [6.1] Fix default value for save_history in com_modules by @chmst
- #47661 [6.1] fix TinyMCE menu bar visibility in fullscreen mode by @adarshdubey03
- #47686 [6.1] Fix clear button not resetting calendar filters by @adarshdubey03
- #47694 [6.1] Only show version history in FormView if version history is supported by @joomdonation
- #47697 [5.4] Move mod_menu language load after client_id resolution in ItemsModel by @krishnagandhicode
- #47715 [6.1] Cassiopeia - Correct z-index select field by @drmenzelit
- #47729 [5.4] Light mode: dismiss button by @brianteeman
- #47731 [5.4] Child template name check only template type by @alikon
- #47735 [5.4] Fix Article Version Preview For Authors by @CSGoat0
- #47775 [6.1] Add color variable for disabled field (choicesjs) by @drmenzelit
The full list of Pull Requests for Joomla! 6.1.1 on GitHub is available here: https://github.com/joomla/joomla-cms/milestone/162?closed=1
The full list of Pull Requests for Joomla! 5.4.6 on GitHub is available here: https://github.com/joomla/joomla-cms/milestone/161?closed=1
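Download:
Existing Joomla users
Log in to the site administration panel and click the Joomla system update icon to update the system.
Before updating the system, be sure to back up your current system (including the database).
New users
Once the Japanese-language package becomes available for download at Joomla Japan (http://www.joomla.jp), please download the latest system from there.
The English version can be downloaded here.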




