Security Strike Team - 2019 Report
The Joomla Security Strike Team, JSST, is working tirelessly to keep the Joomla CMS secure and protect the millions of sites around the globe that are based upon it.
2019 was a "lucky" year for Joomla in terms of security.
We patched 29 security issues, none of them being critical for the majority of sites. Most of the issues have been reported by security researchers, but a considerable number of these issues were also discovered by the team itself through internal audits.
Besides that "core job" of the team, we heavily invested time into building up connections with other security teams.
During the very first CMS Security Summit, hosted by Google in February 2019, we had the chance to meet our fellow colleagues, discuss shared challenges and get new input on where to further improve.
The connections built during that event i.e. led to the integration of a library built by the TYPO3 community which mitigates an issue in our underlying programming language PHP.