Security Announcement

A Joomla 3.4.7 release containing a security fix will be published today (Monday 21st December) at approximately 21:00 UTC

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of this year (2015) with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (N.B. Fixed in all versions of PHP 7 and has been backported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are releasing a Joomla Update later today which contains additional protection for those users. We do of course recommend that all users apply this update as soon as possible.

From Joomla 3.4.6, performing an update to the new version is as simple as logging in and clicking an update button. The update version warning notice will be clearly visible as soon as an administrator logs in. Joomla advises that there are Joomla extensions available that can apply updates automatically.

Although no longer supported officially, the Joomla Security Strike Team plans to issue patches for Joomla versions 1.5 and 2.5.

Until the release is out, please understand that we cannot provide any further information.

Joomla! 3.4 - Do More

Joomla! 3.4.6 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability and 4 low level security vulnerabilities. We strongly recommend that you update your sites immediately.

This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.5 release.

Security Release

What's in 3.4.6

Version 3.4.6 is released to address four reported security vulnerabilities and includes security hardening of the user password reset system.

Security Issues Fixed

  • High Priority - Core - Remote Code Execution (affecting Joomla 1.5 through 3.4.5) More information »
  • Low Priority - Core - CRSF Hardening (affecting Joomla 3.2.0 through 3.4.5) More information »
  • Low Priority - Core - Directory Traversal (affecting Joomla 3.2.0 through 3.4.5) More information »
  • Low Priority - Core - Directory Traversal (affecting Joomla 3.4.0 through 3.4.5) More information »

Please see the documentation wiki for FAQ’s regarding the 3.4.6 release.

Timeline update for Joomla 3.5

Hello from everyone on PLT! We have been busy over the past weeks testing, and re-testing Joomla 3.5 beta 1. Timelines are always the first thing people want to know; followed with what features will be available.

Timeline update for 3.5

Timelines are a tricky part of planning. Bug fixing can be a challenging task to plan for. Sometimes the answer comes instantly and sometimes we’ll lose days on a single issue. We’ve been working tirelessly on an issue for the last couple weeks. We are adjusting our timeline appropriately.  

Joomla! Community Magazine (JCM) - December 2015 issue

The December 2015 issue of the Joomla! Community Magazine is here! Our stories this month:

Editors Introduction

Joomla Community: This is YOUR Magazine!, by Helvecio da Silva

In 2012 I had the opportunity to attend the very first Joomla World Conference in San Jose, California. I hardly knew anyone in the International Community...

Joomla! 3.5 Beta 1 Released

The Joomla! Project is pleased to announce the availability of Joomla! CMS 3.5 Beta 1. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.5 release.

Joomla! 3 is the latest major release of the Joomla! CMS, with 3.5 the sixth standard-term support release in this series. Please note that going from 3.4 to 3.5 is a one-click upgrade and is NOT a migration. The same is true is for any subsequent versions in the 3 series of the CMS. That being said, please do not upgrade any of your production sites to the beta version as beta is ONLY intended for testing and there is no upgrade path from Beta.

Subcategories

The latest news from the Joomla Team
Announcements & News related to Official Joomla! project Releases