Monday, 06 May 2019 18:22
Hey all, Today we are releasing Mobile Community/Basic/Pro 2.1.37 with following fixes:
- Fixed possible XSS vulnerability in the jQueryMobile framework used by Mobile_Basic template
- Fixed incorrect detection of "Force as homepage" in POST requests
- Fixed issue with "Load MooTools" option in Mobile_Basic template
and updates to all our premium templates Mobile Elegance/Flat/Square/iOS9:
- Fixed possible XSS vulnerability in the jQueryMobile framework
- Fixed issue with id duplication in the case of AJAX navigation
- Fixed issue with "Load MooTools" option
Note there is a fix for potential XSS vulnerability in jQueryMobile framework (used by all our templates). Exploiting of this vulnerability requires JSON (or other non-HTML) end-point on user's website that reflects input back, that's why most of websites are not affected by this vulnerability. Nevertheless, we strongly ask you to install this update(s) to avoid any potential issues.
As always, you can update to the new version of Mobile Joomla! extension from your administrative panel via the Mobile Joomla! Remote Update feature, or by downloading the Mobile Joomla! package and installing it from the backend. Premium templates are not updating automatically and should be downloaded and installed manually. Do not forget to backup your website before the update!