Joomla 1.5.8 was released in November 10.

Two months after the release of it's predecesor, this last version fixes a number or minor bugs, but it fixes two moderate-level security fixes so you must upgrade your sites ASAP.

In security they changed:

• Default Content Filtering - The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc).  This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration.
• Filtering for Web Link Descriptions - com_weblinks allows raw HTML into the title and description tags for weblink submissions (from both the administrator and site submission forms). 

Components

• Articles: Remove brackets around Last Updated date and time, Start Publishing date corrections for other than UTC 00:00, hit counts correct for Articles, adding a space after a cloaked email address
• E-mail addresses: Correctly cloaked when presented in Section and Category descriptions
• Categories: Edit icon correctly shows for Articles without Title links, Print icon correct now on first page for Blog Layout
• Sections: Plural and singular form correction, Category link properly ended, Router changes reverted to version 1.5.6 so Article ID does not append to the Article slug
• Frontpage: Article assignment correction, corrected number of Links
• Contacts: Image display correction when Image Directory is configured
• RSS Feed: Corrected spelling of Category in Category feed
• User: Added isInternal checking on referer values
• Weblinks: Language strings

Modules

• Feed: Target attribute validation, language string correction
• Login: ItemID is preserved on redirect
• Menu: Changing Menu Link Type now functions properly, Section Language string, Article Reset button working
• Related Items: Keyword matching functions correctly and filters characters appropriately
• Stats: Corrected Time
• Sections: No authorization parameter works correctly
• Search: Form validates correctly for Transitional xHTML

Legacy

• Return statement added for Legacy Menu Check

Templates

• Beez: Lengthened E-mail Content Popup, Search button now works when pressed, password reset works correctly, corrections to Beez HTML folders, User details page corrected
• JA_Purity: Added missing language strings

Administrator

• Console: Added "Welcome to Joomla!" information and Joomla Security RSS feeds to Administrator Console
• Installation: Proper deletion of component directories, default entries for Templates and Languages are now correct for uninstall
• Media Manager: Changed default for new sites to disable Flash multi-file uploader due to incompatibility with Flash 10
• Installation: Remove confusing error message about language files for extension installations, Administrator Modules now correctly uninstall INI files
• Sample data: Updated news feeds to point to free software community sites, extensive corrections and updates to sample content

System

• API: JFolder::files and JFolder::folders corrections for Search, missing Method added to JRecordSet, Database Class correctly quotes names not using dot notation, JTableUser matches using the correct number of fields
• Cache: Correct undefined variable in Cache Class
• Language file: Corrected wording, correct installation of PDF fonts independent of language choices, several language string corrections in en-GB.ini
• Menu: Performance improvements for sites with many menu items
• Users: Temporary Users are now able to logout, secure protocol can now be used when editing account details
• Added PHP 4 compatibility for isInternal checking

Statistics