Can you guys provide the specific files that were updated to correct the security vulnuerabilities mentioned below. Seperately, can you please list file(s) in your changelog ongoing. Many environments are customized.
Thanks
Action Required: Security Update Now Available for Helix Ultimate
Hi,
We've released Helix Ultimate v2.2.7, a focused security update we recommend all users apply as soon as possible.
If you're on any earlier version, please update now.
What's fixed:
Fixed an open redirect vulnerability.
Fixed authorization issues in AJAX actions.
Fixed path validation issues in media, layout, and blog file operations.
Fixed permission validation issues for blog image removal and template settings export.
Fixed file upload validation issues in the media manager.
Fixed multiple XSS (Cross-Site Scripting) vulnerabilities in media embeds, galleries, Mega Menu, Layout Builder, and font options.
Fixed frontend article saving validation issues.
Fixed an issue where media uploads could unintentionally trigger template style import.
Fixed input validation issues in template style handlers.
Fixed information disclosure through media and blog upload error responses.
What to do now:
Log in to your Joomla admin panel.
Go to System → Update → Extensions.
Update Helix Ultimate to version v2.2.7.
Already updated? You're all set, no further action needed.
If you run into any issues or have questions, let us know at www.joomshaper.com/forum.
Get Helix Ultimate v2.2.7