Joomla! 1.0.9 out now!!

Created on Sunday, 04 June 2006 12:00

Article Index

Joomla! 1.0.9Joomla! 1.0.9 [ Sunshine ] is now available as of Monday 05th June 2006 18:00 UTC for download here.

We suggest that all Joomla! users upgrade to this version.

1.0.9 contains the following changes:

  • 12 Low Level Security Fixes
  • 160+ General bug fixes
  • Several Performance enhancements

Although this release contains 12 security fixes, as they are of a low level nature, this release is being characterized as a Stability/General release.  If you are running 1.0.8, you are advised to upgrade to 1.0.9 as it fixes several annoying non-critical errors in 1.0.8

1.0.9 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.

New to Joomla! or starting a new site

Are you a new Joomla! user?  Confused as to which of the 30 available packages to download?

The answer is simple.  If you are creating a site for the first time, you will need the Full Package file:

The other packages are for those users who have already have an existing Joomla! site and wish to upgrade to the latest version.

Upgrade Instructions

Upgrading from any version of Joomla! 1.0.x to 1.0.9, simply involves overwriting your current sites files, with the files in the proper Patch Package that applies to your site.  This is also the case for those users who are currently using a 1.0.9 Beta version.
So if you are running Joomla! 1.0.5, you will need the 1.0.5 to 1.0.9 Patch Package.

This can be done by either uncompressing the Patch Package and then using an FTP client to transfer these files to your server and overwriting existing file.  If you find errors after the process, ensure that all files were properly transferred.  There have been verified reports of some FTP clients not properly transferring files across to a server - without notifying the user of such a problem.

If your Web Provider gives you access to your site via some sort of Web Admin panel like CPanel or Plesk, you can use the system's file manager to upload the Patch Package file to your server and then extracting the package file and overwriting all the files on your server.

More information can be found on the Forums and if at any stage you are unsure, then search the forums for posts on the subject.  Most will be found in the Upgrading Forum.

Conversion Instructions

For those converting from Mambo 4.5.2.x or Mambo 4.5.3 please read these Migration instructions.
You will to need to download the Joomla 1.0.9 Full package.

Backing Up

Before undertaking an Upgrade or Conversion, it is extremely important that you backup your site Database and if possible, also you site files.  While we try to ensure that an Upgrade or Conversion process is relatively straightforward, we cannot guarantee that this will always be the case for every user.  So it is imperative that users take protective measures in case they face problems after the Upgrade or Conversion.

Package Integrity

To ensure the integrity of the files you are downloading, you are advised only to download from the 'Official Source' on the Official Joomla! Forge.  As an extra security measure we now make available the MD5 checksum values of the respective package files, to allow people to do integrity checking.


Joomla! 1.0.9 comes as a Full Package:

  • 1.0.9 Stable Full Package

and Patch Packages:

Package Formats

It also comes packaged in 3 different compression formats

Security Fixes

Joomla! 1.0.9 Contains twelve (12) fixes for Low Level Security Vulnerabilities.

Low Level Threat Fixes

A1 Unvalidated Input
  •  A1 - Harden mosmsg
  •  A1 - Hardening of backend `User Manager` to stop 'Administrators' from being able to create 'Super Administrator' users
A2 Broken Access Control
  • A2 - Breadcrumbs title visibility even when access restricted
  • A2 - 'Edit Your Details' page now needs a published menu item to be accessible
  • A2 - 'Check-In My Items' page now needs a published menu item to be accessible
  • A2 - 'Submit News' page now needs a published menu item to be accessible
  • A2 - 'Submit Weblink' page now needs a published menu item to be accessible
  • A2 - Add ability to selectively disable certain types of syndicated feeds
  • A2 - Ensure module caching does not inadvertently make special level modules visible to registered users
  • A2 - Add ability to totally disable access to frontend login page
  • A2 - Add ability to disable frontend user params
A3 - Broken Authentication and Session Management
  •  A3 - Changes to access level of user account will kill any active session for that user

OWASP Vulnerability Categorization

Since 1.0.8, Joomla! has started adopting the Open Web Application Security Project (OWASP) Top Ten Vulnerability categorization system, to standardize the categorization of security vulnerability reports.

OWASP Top Ten list here

Query Performance Improvements

1.0.9 contains query performance improvements that should lead to slightly better database performance for Joomla! sites.

There is roughly a 20% reduction in number of queries called in 1.0.9 compared to 1.0.8

More information here

Caching Fixed

In all earlier versions of 1.0.x the core caching functionality is basically does not work, this has now been corrected in 1.0.9

This means that activating Joomla! caching should now lead to actual performance improvements.

More information here

MOSImage Performance Issue

There is a performance issue in regards to the MOSImage Manager that can slow the loading of the Content Item create/edit page when you have a large number of images in the /images/stories/ directory.

To solve this, new functionality has been added to 1.0.9

More information here

Losing data by getting Logged out

One common problem in the 1.0.x series is getting logged out (because your session has expired) and losing the data you had been working on.  This has been addressed in 1.0.9 by a slight change in the logout system.  This should mean that the circumstance of losing data due to being logged out will be a thing of the past.

More information here

Language File changes

In 1.0.9 modifications were made regards the frontend static language file. For non-english Joomla! users (users who use a different language file for their site instead of the default english.php) this may cause some minor issues.

Until the 3rd Party Development team in charge of creating your specific language file has updated their language versions, then you need to make the changes in your language file yourself.

More information here 

Other fixes & improvements

Any other new improvements in 1.0.9 will be blogged about in the Official Joomla! Developers Blog.


A very big thank you must go to the community in assisting with this release.

In the lead up to 1.0.9 stable 2 beta releases were made available to the community for testing.  This is the first time the community has been given access to such Beta release for the 1.0.x series.  It was done in the hope of improving the testing process and we believe that this has indeed been the case, as can be seen from the community reported bugs submitted after these releases.

It is only through the partnership with a strong vibrant and active community that Joomla! can continue to be successful.

Rey Gigataras [stingrey]
Joomla! Core Team Member
Stability Team Leader