Joomla! Security News

  • Farewell to Joomla! 2.5

    Official Support for Joomla! 2.5 ends on the 31st of December 2014. This means that no bug fixes, features, or security updates will be provided for the 2.5 series after that End of Support (EOS) date.

    Joomla 2.5 End of Support (EOS)

    Joomla! 2.5 End of Support (EOS)

    Help and advice available: https://docs.joomla.org/Why_Migrate

    The first release of Joomla! 2.5 was in January 2012, and it was the third minor release in a series that started with Joomla! 1.6 in January 2011.

    It is important to note that Joomla! 2.5 followed onto, and replaced Joomla! 1.6 and 1.7, and there is therefore no secure version of 1.6 or 1.7. If your are still using one of these version of Joomla! your need to upgrade (at least to 2.5.28) without delay. Do take note of the migration tips and do make a backup of your web site before doing so.

    After the EOS date for 2.5, your web site will continue to work, but you need to start to planning now to upgrade/migrate your 2.5 websites to Joomla! 3.x.

    Joomla! 3 is a secure and stable release that had its first release in September 2012. The Joomla 3.x series is expected to continue being supported at least until September 2016 according to the new Development Strategy.

    New Joomla! Release Strategy

    This new Joomla! Development Strategy was adopted in March 2014, and replaced the previous concept of Short Term (STS), and Long Term Support (LTS) Releases. You therefore do not have to wait until 3.5 to upgrade your site from 2.5, but can safely plan to do so now. See the Improved Release Cycle FAQ for more details.

    In line with the new Development Strategy, the Production Leadership Team (PLT) aims to maintain backward compatibility within the Joomla 3 series (3.0.x, 3.1.x, 3.2.x, 3.3.x, 3.4.x, etc.), which means that upgrades between the these major versions would normally only require a one-click-upgrade (in addition to keeping all installed extensions up to date).

    Upgrading or Migrating to Joomla! 3.x

    Upgrading from 2.5 to 3.x is (in many cases) a simple process, but for bigger web sites, or sites with particular extensions installed, extra care needs to be taken.

    To help guide your through the upgrade/migration process, the Update Working Group have prepared a Migration Portal on the Joomla! Documentation site. Reading and following the steps and advice will help to prevent or limit issues during your site upgrade:

    https://docs.joomla.org/Why_Migrate

    You can also read this article by Jennifer Gress, in the Joomla! Community Magazine: Why Migrate? And Then...How?

    Always remember to create a working backup of your site before attempting any update, upgrade, or migration.

    This article was originally posted on forum.joomla.org 

    Image credit: Helvecio

  • Joomla 1.5 and security

    There was recently reports of a security issue with Joomla! 1.5.26

    Support for the Joomla 1.5 series ended in September of 2012.

    If you still have a web site that's built on Joomla! 1.5, I recommend that you read:

    Setting the record straight for sites on Joomla 1.5

    Please contact us for a quote on migrating your old Joomla web site to the latest version (Joomla! 3.2).

     

  • Joomla Security & Maintenance release: 3.3.6 and 2.5.27

    joomla security releaseJoomla 3.3.6 and 2.5.27 now available. These releases include both Security & Maintenance updates.

    This is a maintenance release addressing issues with yesterday's 3.3.5 & 2.5.26 release. This release addresses an issue related to the core update component, one regression in the user password reset process, and adds a fallback upgrade mechanism for the update component.

    This release is also considered a security release since it includes two resolved security issues that was included in 3.3.5 and 2.5.26

    A 3.2.7 an release is also available for users who are still using Joomla! 3.2 which addresses the security issues and the upgrade component bug.

    Those who have updated to 3.3.5 and 2.5.26 need to follow the Special Download Instructions that are available here:
    http://www.joomla.org/announcements/release-news/5569-joomla-3-3-6-released.html

    or: http://www.joomla.org/announcements/release-news/5568-joomla-2-5-27-released.html

    Michael Babker, of the Joomla! Production Leadership Team (PLT), acknowledges that there's been challenges with recent Jooma! CMS releases:

    "While we strive to be as efficient as possible, there are times when things don't go smoothly, causing stress and headaches for our user base and the community members who test and prepare our releases. This last week has been an example of some rough times for our releases, and though no single person or group is to blame for any of the issues that we've experienced with these last releases, they do highlight areas where our teams and workflows can improve."

    Read the full post over at developer.joomla.org

  • Joomla! 3.2.3 & 2.5.19 Secutiry release

    The Joomla! Project today announced the release of Joomla! 3.2.3 and 2.5.19

    Joomla! 3.2.3

    joomla security releaseIncludes 40 bug fixes, including 4 security issues.

    More information

    Joomla! 2.5.19

    This release  addresses two security issues.

    Since these are both Security updates we strongly recommend that you:

    • Create a backup of your web site
    • Update you site to the latest version for your series of Joomla!

    More information

    Help with Updating & Migrations

    Should you require any help with updating your Joomla! web site, we can assist at our standard Support rate of R350 and hour.

    Please contact us for more details.

    Note that if your web site is still on Joomla! 1.6 or 1.7, you urgently need to upgrade to 2.5 since those older versions have known vulnerabilities.

    Those who have web site on Joomla! 1.5 should start making plans to Migrate to Joomla! 3 as 1.5 is no longer supported.

     

  • Raising the bar on Joomla! security

    The Joomla! Project today announced that starting with Joomla 3.3 the minimum required PHP version will be raised to PHP 5.3.10.

    joomla-3-3-ready

    This article explains:

    • Why change now?
    • Why wasn't the requirements bar set higher from the beginning of 3.x?
    • How will extensions be affected?
    • Will I get any warning? What do I need to look for?
    • What will happen if my host is NOT Joomla! 3.3 Ready?

    Read more at Raising the bar on security