Release News

Joomla 1.5.10 Security Release Now Available

Joomla 1.5.9 Released

The Joomla Project announces the immediate availability of Joomla 1.5.10 [Wohmamni]. This is a security release and users are strongly encouraged to upgrade immediately.

This release contains 66 bug fixes, one low-level security fix, and one moderate-level security fix. It has been 11 weeks since Joomla 1.5.9 was released on January 10, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.






Download

Click here to download Joomla 1.5.10 (Full package) »

Click here to find an update package. »

Instructions

Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.

Release Notes

Check the Joomla 1.5.10 Post-Release Notes to see if there are important items and helpful hints discovered after the release.

Security

One low-level and one moderate-level security issue were fixed in this release:

  • Moderate Priority: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities. More information »
  • Low Priority: A XSS vulnerability exists in the category view of com_content. More information »

For additional information, visit the Joomla Security Center.

Components

  • Article Alias no longer missing from Category Views (14228)
  • Section List now drills down correctly to a Category List with Global Content Filters (14510)
  • Web link Router now uses correct Category value (14705)
  • Article HTML filtering correct when only one Filter group selected (14758)
  • Tooltip Help corrected for Section, Category, and Article Alias (15007)
  • Sorting lists by values other than Order corrected (15107)
  • Archived Article Filter Function works correctly (15124)
  • Ampersand in site name no longer breaks Position value in vCard (15143)
  • Added "/" before URL in Remind Me and Password links for com_user (15215)
  • Search works properly using international characters with SEF enabled (15233)
  • Register to Read More in redirect URL correct for Section and Category Menu Items (15266)
  • Multiple Search Menu Items now return correct ItemID (15293)
  • com_media no longer incorrectly loads CSS files from the backend (15354)
  • Fixed invalid XHTML output in com_content and com_contact (15362)
  • Small errors in code comments corrected for com_user (15461)

Modules

  • Changing the module's 'Position' value now correctly changes the value for the 'Order' listbox. (12119)
  • When Module is saved, Module's cache is now cleared (12137)
  • Encoding behavior for quotes and ampersands corrected in Modules (13111)
  • Menu image alignment resolved (14071)
  • Menu Alias respects Active setting (14767)
  • Resolved tag error in mod_feed (14948)
  • Login Redirect returns to current page when no Redirect URL is specified (15376)

Plugins

  • Fixed ID tags used by openid.js (13285)
  • Pagebreak works correctly with JCE (14525)
  • Pagebreak outputs correct XHTML elements (14496)
  • Pagebreak accurately tracks active page (14558)
  • Pagebreak works correctly with Section tables (14827)
  • Caching error resolved for Remember Me function (14857)
  • Menu Item changes are now cached properly (14896)
  • SEF Plugin correctly handles "Data" attribute (15137)
  • Load Position no longer deletes dollar sign and next two positions, in Module output (15237)

Legacy

  • No legacy issues fixed for this release.

Templates

  • Beez: Correct Last Updated date used in Section Blog (14571)
  • JA Purity: All Article text no longer linked when Category presented (14286)
  • rhuk Milkyway: Correct authorEmail value (14439)
  • Corrected RTL issue for Site Title when mouse hovering over Template Logo (14945)

Language

  • Localization for user name corrected in registration form (14468)
  • Corrected localization issue for new Module (13999)
  • User details translatable (14710)
  • Localization corrected for installation of Component  (14859)
  • Copy Menu Items function is now translatable (14944)
  • Pagebreak now translatable (15300)
  • Uninstalling a Component now has all Language Strings (15375)

Administrator

  • Categories are now sortable in reverse order by Order data element (14004)
  • Parameter Element ID for folderlist and filelist are correct (14514)
  • Date format correct for 'checked out date'  (14381)

System

  • Installation of Extensions no longer fails when zip files are included (9701)
  • No longer missing l10n in JApplicationHelper::parseXMLInstallFile() (11798)
  • Resolved Javascript errors created by previous SEF Background Image Fix (13973)
  • Resolved problem with error handling in JFactory::getXMLParser (14022)
  • Case-sensitive image extensions (14059)
  • Atom feed validates correctly (14515)
  • JString::RTrim method is correct (14491)
  • Removed short open tag in admin.categories.html.php (14660)
  • JInstallerComponent::_rollback_menu() error resolved when getting DB Connector (14795)
  • File move now correctly returns "false" when not read or writable (14818)
  • Directory Permissions listed correctly for Temp and Log Folders (14865)
  • JFolder::folders no longer returns unnecessary warning (14875)
  • Setting Tooltip Offset works correctly (15006)
  • JArchiveZip::_extractNative() correctly identifies zip_open() failure (15044)
  • Installer.php parseMedia points to correct folder (15047)
  • Custom Install file upgraded on Component installation (15217)
  • Undefined index HTTP_USER_AGENT error fixed in behavior.php (15282)

Statistics

Statistics for the 1.5.10 release period:

  • Joomla 1.5.10 contains:
    • 68 issues fixed in SVN
    • 281 commits
  • Tracker activity resulted in a net decrease of 8 active issues:
    • 176 new reports
    • 133 closed
    • 68 fixed in SVN
  • At the time the 1.5.10 release was packaged, the tracker had 95 active issues:
    • 44 open
    • 40 confirmed
    • 11 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug with Joomla, find out more information here on how to report the bug.

Active members of the Joomla Bug Squad during this last release cycle include: Ian MacLennan and Mark Dexter co-coordinators; Airton Torres, Akarawuth Tamrareang, Arno Zijlstra, Amy Stephen, Andrew Eddie, Anthony Ferrara, Ashwin Date, Dan Walker, Dennis Hermacki, Edvard Ananyan, Elin Waring, Ercan Ozkaya, Gergő Erdősi, Hannes Papenberg, Kevin Devine, Kevin Sookocheff, Klas Berlič, Marieke van der Tuin, Marijke Stuivenberg, Mati Kochen, Niels Braczek, Pete Nurse, Rosario Buste, Samuel Moffatt, Shantanu Bala, and Wilco Jansen.

A warm welcome to the newest members of the Joomla Bug Squad: Amit Kumar Singh, Andrew Rose, Ashwin Date, Edvard Ananyan, Joe Palmer, Kashyap Puranik, Niels Braczek, Parth Lawate, Pete Nurse, Philip Walton, Richard Malinowski, and Srinivas Chilukuri.

Joomla 1.5.9 Security Release Now Available

Joomla 1.5.9 Released

The Joomla Project announces the immediate availability of Joomla 1.5.9 [Vatani]. This is a security release and users are strongly encouraged to upgrade immediately. 

It has been around two months since Joomla 1.5.8 was released on November 10, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.
 






Download

Click here to download Joomla 1.5.9 (Full package) »

Click here to find an update package. »

Instructions

Want to test drive Joomla? Try the online demo. Documentation is available for beginners.

Release Notes

Check the Joomla 1.5.9 Post-Release Notes to see if there are important items and helpful hints discovered after the release.

Security

One low-level and one high-level security issue were fixed in this release:

  • High Priority: Directory Traversal. A crafted request can allow an attacker to view directory trees on the server. Note: contents of files cannot be edited or deleted, just viewed. More information »
  • Low Priority: SSL Session Token Disclosure. When running a site as SSL ONLY, if a non-SSL request is made, an attacker can obtain the session token. There is NO risk for Web sites that use both HTTP and HTTPS. More information »

For additional information, visit the Joomla Security Center.

Components

  • Fixed Contact Page so that a blank page is not displayed when vCard is not enabled, but is selected in the Contact Parameters (10680)
  • Resolved problem with Category View Table where filter did not work when cache was enabled (10840)
  • vCard no longer displays excess spaces (11871)
  • Small change in components/com_banners/models/banner.php (12577)
  • Resolved invalid XHTML 1.0 Transitional issues introduced in 1.5.7 for the Contact form (12868)
  • Fixed problem that resulted in erroneous '404 - Contact not found' page for dropdown in Contact View (12989)
  • Fixed Contact Category URL problems (13045)
  • Fulltext Search for Uncategorized and Archived Articles is now working (13490)
  • onPrepareContent issue for non-com_content Components resulting in a warning message has been resolved (13505)
  • 'Change Contact Details' link now loads correct page (13542)
  • Contact image not displaying in front end (13643)
  • Front-end article submission no longer auto-populates, finish publishing date with same date as start publishing (13673)
  • Media Manager Javascript error: "Object doesn't support this property or method" that presented for IE has been fixed (13761)
  • Space between meta keywords no longer removed when saving Articles (13794)
  • com_installer Module View now correctly displays Author e-mail and URL (13942)
  • Robots and Author meta retained when copying Articles (13949)
  • Article Archive pagination fixed (14070)
  • Correction so that unregistered site visitors can no longer access PDF for registered Articles (14196)
  • Hits filter in Category List fixed (14390)
  • Resolved problem where "Register to read more" incorrectly redirected to Front Page, rather than Article (14392)
  • Poll error message resolved (14394)
  • Resolved problem where Category List failed to retain Column Sort preference when navigating to a different page (14398)
  • Resolved problem in Category List where changing Display # to All in page 2 of list would display no results (12932)
  • Category List now correctly shows filtering option in use (14402)
  • Corrected 404 error that resulted when menu access was set to Public and Contact Item is Registered (14412)

Modules

  • New modules can now be added, even when there are no modules entries already defined (11874)
  • Inconsistency removed for Login/Logout Redirection page of mod_login (13611)
  • JMenu getMenu() doc error corrected (13617)
  • Archive Module Count Parameter and Tool Tip corrections (13694)
  • STRPOS error corrected when editing Alias Menu Item (13909)
  • Toolbar Image now points to an existing image (14171)

Plugins

  • OpenID upgraded to 2.0 protocol, now works with Yahoo (12217)
  • plgSystemCache plugin now respect site and page language (12115)
  • Page string in plugins/content/pagebreak.php is now properly externalized (12730)
  • Legacy Plugin - Login Timeout resolved (13662)
  • Access level for Plugins fixed (14106)
  • Fixed OpenID Transition issues (14433)

Legacy

  • No issues fixed for this release

Templates

  • RTL feeds PARAM is now saved in database which corrects RTL feeds in Milkyway and Beez (11235)
  • CSS and XHTML valid error in JA_Purity resolved, as was invalid CSS validator link (12887)
  • JA_Purity default status for Modules defined for right position now collapse correctly, when unused (12925)
  • Fixed CSS errors in rhuk_milkyway/css/template_rtl.css (13517)
  • Missing H1 text-align in rhuk_milkyway/css/template_rtl.css fixed (13570)
  • Beez template override for com_search now displays error messages correctly (13584)
  • Corrected Last Updated date for Beez Template (13632)
  • Resolved inconsistencies for Beez Template Override Page Titles (13634)
  • Contact image changes for Beez override (13700)
  • Incorrect File Reference corrected for Beez Template (13859)
  • Short PHP Notation in Beez Windows hosting bug introduced in 12798 has been fixed (14313)
  • en-GB.com_statistics.ini are now correctly deleted (14391)
  • Removed unnecessary string in JA_Purity template (14414)
  • Removed unnecessary strings in rhuk_Milkyway template (14415)

Language

  • Language INI files that were incorrectly encoded using UTF-8 with BOM have been fixed (13499)
  • Untranslated strings in en-GB.ini after SVN 11236 are fixed (13514)
  • Fixed untranslated strings in com_weblinks (13608)
  • Fixed untranslated strings in com_contact (13626)
  • Fixed untranslated Strings in admin/mod_feed (13666)
  • Spacer values are now translatable (14308)
  • Fixed issue with JA_Purity spacer so that it is now translatable (14360)
  • Resolved remaining English string hard-coded in mod_search (14374)
  • String missing in en-GB.com_installer.ini (14389)
  • Resolved untranslated language string for "Email a Friend" feature (14395)
  • Tooltip language string in com_config corrected (13633)

Administrator

  • Added better tooltip text for the Help Server Reset button in Global Configuration System Settings (12023)
  • Toolbar & value fixed for Media Manager button (12841)
  • JInstallerHelper Class Function description has been corrected (13574)
  • Help screens made (13616)
  • Remove default filter for Super Admininistrator and fix filter whitelist problem (13770)
  • Corrected error where Editor deleted content for default filter; UTF-8 compatibility is now enforced with JInputFilter (13901)
  • Removed old dev.joomla.org links (14227)

System

  • query_batch corrected for SQL error (12247)
  • uri.php changes made in 1.5.7 no longer break back-end URLs if $live_site=Http has an uppercase H (12812)
  • JFolder::delete bug fixed when folder contain symbolic links on folders (12939)
  • Typo in sample_data.sql resolved (13549)
  • License correction for PHPMailer in CREDITS.php (13811)
  • Fixed error that resulted from invoking JDatabase::Query() more than once (13860)
  • Cache space is now correctly released (14317)
  • String bug for strspn() resolved (14339)
  • Weird characters removed from LICENSES.php file (14408)
  • Removed outdated link in the installer language file (14410)
  • Fixed typo in Cache Manager (14434)
  • Updated Archive_Tar to relicensed BSD version (12746)

Statistics

Statistics for the 1.5.9 release period:

  • Joomla 1.5.9 contains:
    • 81 issues fixed in SVN
    • 55 commits
  • Tracker activity resulted in a net decrease of 1 active issue:
    • 169 new reports
    • 92 closed
    • 81 fixed in SVN
  • At the time the 1.5.9 release was packaged, the tracker had 113 active issues:
    • 63 open
    • 47 confirmed
    • 3 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug with Joomla, find out more information here on how to report the bug.

Active members of the Joomla Bug Squad during this last release cycle include: Ian MacLennan and Mark Dexter co-coordinators; Airton Torres, Arno Zijlstra, Akarawuth Tamrareang, Alan Langford, Anthony Ferrara, Amy Stephen, Andrew Eddie, Eduardo Diaz, Elin Waring, Ercan Ozkaya, Gergo Erdosi, Hannes Papenberg, Kevin Devine, Marijke Stuivenberg, Mickael Maison, Robin Muilwijk, Samuel Moffatt, Shantanu Bala, Tibor Toth, and Wilco Jansen.

A warm welcome to the newest members of the Joomla Bug Squad: Joe Sonne, Klas Berlič, and Mithun Kumar.

Joomla 1.5.8 Released

Joomla 1.5.8 Released

The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.8 [Wohnaiki]. This release contains a number of bug fixes and two moderate-level security fixes. It has been around two months since Joomla 1.5.7 was released on September 9, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. 









Download

Click here to download Joomla 1.5.8 (Full package) »

Click here to find an update package. »


Instructions

Want to test drive Joomla? Try the online demo. Documentation is available for beginners.

Release Notes

Check the Joomla 1.5.8 Post-Release Notes to see if there are important items and helpful hints discovered after the release.

View past release notes for Joomla 1.5.7 or release notes for Joomla 1.5.6.

Security

For additional information, visit the Joomla Security Center.

Components

  • Articles: Remove brackets around Last Updated date and time, Start Publishing date corrections for other than UTC 00:00, hit counts correct for Articles, adding a space after a cloaked email address
  • E-mail addresses: Correctly cloaked when presented in Section and Category descriptions
  • Categories: Edit icon correctly shows for Articles without Title links, Print icon correct now on first page for Blog Layout
  • Sections: Plural and singular form correction, Category link properly ended, Router changes reverted to version 1.5.6 so Article ID does not append to the Article slug
  • Frontpage: Article assignment correction, corrected number of Links
  • Contacts: Image display correction when Image Directory is configured
  • RSS Feed: Corrected spelling of Category in Category feed
  • User: Added isInternal checking on referer values
  • Weblinks: Language strings

Modules

  • Feed: Target attribute validation, language string correction
  • Login: ItemID is preserved on redirect
  • Menu: Changing Menu Link Type now functions properly, Section Language string, Article Reset button working
  • Related Items: Keyword matching functions correctly and filters characters appropriately
  • Stats: Corrected Time
  • Sections: No authorization parameter works correctly
  • Search: Form validates correctly for Transitional xHTML

Legacy

  • Return statement added for Legacy Menu Check

Templates

  • Beez: Lengthened E-mail Content Popup, Search button now works when pressed, password reset works correctly, corrections to Beez HTML folders, User details page corrected
  • JA_Purity: Added missing language strings

Administrator

  • Console: Added "Welcome to Joomla!" information and Joomla Security RSS feeds to Administrator Console
  • Installation: Proper deletion of component directories, default entries for Templates and Languages are now correct for uninstall
  • Media Manager: Changed default for new sites to disable Flash multi-file uploader due to incompatibility with Flash 10
  • Installation: Remove confusing error message about language files for extension installations, Administrator Modules now correctly uninstall INI files
  • Sample data: Updated news feeds to point to free software community sites, extensive corrections and updates to sample content

System

  • API: JFolder::files and JFolder::folders corrections for Search, missing Method added to JRecordSet, Database Class correctly quotes names not using dot notation, JTableUser matches using the correct number of fields
  • Cache: Correct undefined variable in Cache Class
  • Language file: Corrected wording, correct installation of PDF fonts independent of language choices, several language string corrections in en-GB.ini
  • Menu: Performance improvements for sites with many menu items
  • Users: Temporary Users are now able to logout, secure protocol can now be used when editing account details
  • Added PHP 4 compatibility for isInternal checking

Statistics

Statistics for the 1.5.8 release period:

  • Joomla 1.5.8 contains:
    • 71 issues fixed in SVN
    • 26 commits
  • Tracker activity resulted in a net decrease of 4 active issues:
    • 65 new reports
    • 130 closed
    • 66 fixed in SVN
  • At the time the 1.5.8 release was packaged, the tracker had 114 active issues:
    • 44 open
    • 44 confirmed
    • 24 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug with Joomla, find out more information here on how to report the bug.

Active members of the Joomla Bug Squad during this last release cycle include: Ian MacLennan and Mark Dexter co-leads; Airton Torres, Arno Zijlstra, Akarawuth Tamrareang, Alan Langford, Anthony Ferrara, Amy Stephen, Andrew Eddie, Elin Waring, Ercan Ozkaya, Charl van Niekerk, Gergo Erdosi, Hannes Papenberg, Jennifer Marriott, Jens-Christian Skibakk, Jonah Braun, Joseph LeBlanc, Kevin Devine, Marijke Stuivenberg, Mati Kochen, Mickael Maison, Robin Muilwijk, Samuel Moffatt, Shantanu Bala, Toby Patterson, and Wilco Jansen.

A warm welcome to the newest members of the Joomla Bug Squad: Dan Walker, Eduardo Diaz, and Tibor Toth.