Helix Ultimate Security Patch Change Log - Question | JoomShaper

Helix Ultimate Security Patch Change Log

MD

MW Dev

Helix Framework 5 hours ago

Can you guys provide the specific files that were updated to correct the security vulnuerabilities mentioned below. Seperately, can you please list file(s) in your changelog ongoing. Many environments are customized.

Thanks

Action Required: Security Update Now Available for Helix Ultimate Hi,

We've released Helix Ultimate v2.2.7, a focused security update we recommend all users apply as soon as possible.

If you're on any earlier version, please update now.

What's fixed:

Fixed an open redirect vulnerability. Fixed authorization issues in AJAX actions. Fixed path validation issues in media, layout, and blog file operations. Fixed permission validation issues for blog image removal and template settings export. Fixed file upload validation issues in the media manager. Fixed multiple XSS (Cross-Site Scripting) vulnerabilities in media embeds, galleries, Mega Menu, Layout Builder, and font options. Fixed frontend article saving validation issues. Fixed an issue where media uploads could unintentionally trigger template style import. Fixed input validation issues in template style handlers. Fixed information disclosure through media and blog upload error responses. What to do now:

Log in to your Joomla admin panel. Go to System → Update → Extensions. Update Helix Ultimate to version v2.2.7. Already updated? You're all set, no further action needed.

If you run into any issues or have questions, let us know at www.joomshaper.com/forum. Get Helix Ultimate v2.2.7

0
2 Answers
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 hours ago #228831

Hi,

Security changes were in Helix Ultimate plugin, not template itself.
GitHub can be usefull to see that.

Look down

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 hours ago #228832

Planned, for this week

229.png

0