Sergey TolkachyovLet’s celebrate! The Joomla! Project is pleased to announce the release of Joomla 5.2.4 and Joomla 4.4.11. This is a security and bug fix release for the 5.x and 4.x series of Joomla.
These releases continue Joomla’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.
Security Fix
[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component. Read more.
Bug fixes and Improvements with 5.2.4
- Fix namespace map creation on PHP 8.4 (#44789)
- Fix PHP Warning for debuguser, debuggroup (#44721)
- Fix handling of null values on update row (#39607)
- Fix cache counting issue - correctly count number of files (#43986)
- Fix permissions for manually running scheduled tasks (#36719)
- Tag Router: Allow numeric/CSV IDs (Regression) (#44784)
- Fix for Composer update to enshrined/svg-sanitize to resolve SVG upload issues (#44746)
- Fix for Article cannot be saved successfully on the front-end (#44680)
- Fix media downloads with spaces (Follow-up of #37396) (#44745)
- Finder Router: Filter out unnecessary query elements (#44055)
- Jooa11y plugin and page cache conflicts (#41956)
- Fix a11y issue in accordion (role attribute) (#40578)
- Remove alt-text for menu items when both image and title are set (a11y fix) (#40675)
- Fix breadcrumbs color in light and dark mode (#44212)
- Email alt text fix in contact component (#44491)
- Web Asset Manager: Incorrect loading of external resource with / at the end (#44774)
- Fix media downloads with spaces (Follow-up of #37396) (#44745)
- Fix multi-select behavior in Media Manager (Follow-up of #39824) (#44747)
- Fix error handling when creating folders in Media Manager (#39878)
- Fix assets for com_scheduler on new installations (#44684)
- Fix password reset broken in backend (#44723)
- Email cloak plugin fails for emails with IDN (Internationalized Domain Names) (#39888)
- Fix handling of root path removal only when it is at the beginning (#36685)
- Load the namespace from the cached manifest (Reverted) (#44755)
- Fix for Codemirror duplicated assets entries (#44674)
The full list on GitHub is here: https://github.com/joomla/joomla-cms/milestone/136?closed=1
