Joomla security update+
Joomla 4.2.4 is now available. This is a security release for the 4.x series of Joomla which addresses 2 security vulnerabilities.
Security issues fixed
- [20221001] Low Severity - Critical Impact - Disclosure of critical information in debug mode (affecting Joomla! 4.0.0 - 4.2.3) More Information
- [20221002] Low Severity - Low Impact - RXSS through reflection of user input in headings (affecting Joomla! 4.0.0 - 4.2.3) More Information
As the main issue focuses on the site having its debug mode set to Yes, the quickest way to help your site while backing up and preparing for the update is to simply switch “Debug System” to No if it is switched currently on.
Debug is located in the Global Configuration area of your site under the System tab.
If you are running a publicly accessible Joomla 4.x site which had debug mode enabled for a significant timeframe, we strongly recommend checking the site for suspicious activity as the issue has been observed to be exploited in the wild by at least one actor.
Addendum
At the point of pushing the changes, some of the bug fixes that were intended for the next planned release made their way into this release.
