Joomla 1.5.6 Security Release

The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

For more information about this exploit, click here to visit the Joomla Security Blog.

Instructions

Download the Joomla 1.5.6 full package now

Download update packages

Release Notes

  • SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.

Manual Installation

Download the Joomla! 1.5.6 Security Patch changed files only

For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:

		components/com_user/models/reset.php
		changelog.php
		includes/framework.php
		administrator/includes/framework.php
		libraries/joomla/version.php
		libraries/joomla/environment/uri.php

This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.