SP Page Builder Security Update For Joomla 3.10.12 Sites
Q
quentin
Hello, I manage several websites running Joomla 3.10.12 with SP Page Builder installed. Following the recent zero-day vulnerability affecting the asset.uploadCustomIcon task (fixed in version 6.6.2), I would like to know how to secure these sites.The latest version 6.6.2 cannot be installed on Joomla 3.x environments. Could you please confirm: Is there a maintained version of SP Page Builder compatible with Joomla 3.10.12 that includes a fix for this vulnerability? If not, do you provide a security patch or a workaround we can apply manually to the existing files on Joomla 3 installations? What is your recommended approach for sites still running Joomla 3 that cannot migrate immediately? The websites are currently exposed to the active exploit, so any guidance you can provide quickly would be much appreciated.Thank you for your help. Cedric
2 Answers
Order by
Oldest
Paul Frankowski
Accepted AnswerHi Cedric and all other users.
- SPPB 3.8.10 don't have upload custom Icon feature, so found security problem don't effect 3.x version.
- We don't support old versions anymore. End of the life. We informed about that in documenation.
- Consider using Firewall component for Joomla 3.x to add extra security layer anyway!
Regarding the recently reported security issue in SPPB 5.x and SPPB 6.6.1, the affected functionality is not available in SP Page Builder 3.x, including version 3.8.1-10 and 4.x. Therefore, websites running SP Page Builder 3.8.x are not impacted by this specific vulnerability.
Please note that SP Page Builder 3 and Joomla 3.x is no longer under active development and has reached the end of its development lifecycle. As a result, no bug fixes, or security updates are planned for those versions. You are using this on your own risk!