Joomla 1.6.2 Released

The Joomla Project announces the immediate availability of Joomla 1.6.2. This is a security release.

The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.

Download

Click here to download Joomla 1.6.2 (Full package) »

Click here to download Joomla 1.6.2 (Upgrade packages) »

Instructions

Want to test drive Joomla? Try the online demo. Documentation is available for beginners.

Please note that you should always backup your site before upgrading.

Release Notes

Check the Joomla 1.6.2 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.

Security

  • Low Priority - Core - Information Disclosure.
  • Low Priority - Core - Information Disclosure.
  • Low Priority - Core - XSS Vulnerabilities.
  • Medium Priority - Core - XSS Vulnerabilities.
  • Medium Priority - Core - XSS Vulnerabilities.
  • Medium Priority - Core - Unauthorised Access.
  • Medium Priority - Core - SQL Injection.
  • Medium Priority - Core - Clickjacking.

Issues Fixed

CategorySummaryLink
ACL JModelForm enables 'com_checkin' for 'core.manage' - should be 'core.admin' 25540
Administration Improve .htaccess rewrite efficency 22425
Administration Don't always load Mootools (More) in the backend. 24736
Administration Administrator (with a capital A) does weird stuff 24835
Administration *Systeminformation > Directory Permissions: List incomplete 25088
Administration Logout in administration menu not working 25262
Authentication and Login Gmail authentication fails (Verify Peer variable mistyped) 25576
Automated Test Automated ACL system test to test manage permission 22618
Automated Test Fix failing unit test for JDocument 25286
Automated Test Xcache can not be tested using phpunit 25301
Automated Test Add more unit tests for JURI 25348
Automated Test Fix failing unit test for JDocumentRenderRSS 25359
Browsers Font Size not working with Internet Explorer 7 25403
Code Style Unused JElement classes in core 23458
Code Style Don't use the javascript pseudo protocol when it isn't necessary 25111
Code Style Several places calling getXMLparser instead of getXMLParser 25213
Code Style Many places calling JHTML:: instead of JHtml:: 25224
Code Style Fix a number of incorrect comment in components 25247
Code Style Don't use sizeof() 25372
Code Style Optimize for loops 25385
Code Style Empty file administrator/components/com_users/helpers/levels.php 25467
Components Unable to create external menu item type with an alias that is a folder name 24430
Components Blog pagination options missed in Gobal configuration (com_content) 24836
Components Contact form not using Jform makes event not work as expected 24987
Components Featured articles are reordered when editing one of them 25118
Components 1.6.1 breaks wrapper menu links 25238
Components *Issue with Articles created in front-end and set to featured 25240
Components *Missing weblink ini strings when submit/edit weblink from a content 25252
Components *Weblinks adding words "Web links" before the actual link text 25276
Components Media form field is not allowed access to media manager in the front end 25288
Components Wrong CSS class declaration 25305
Components Article Title will not go away no matter what. 25308
Components *Unused show title parameter for archives menu item 25338
Components new layouts - No pagination on articles category page if first visit 25370
Components *Combined patch for various meta issues in menu items 25481
Components Extra quote in com_weblinks 25522
Components Apply (Save and present in Editor again) does not checkout row 25541
Components Wrong header output in com_contact vCard view makes IE handle vCard downloads wrong... 25545
Components com_contact vCard link not using JRoute::_() which causes download issues with System - Language Filter plugin enabled and SEF 25550
Components Category Blog - More Article links don't have limitation 25563
Components *ROOT parent category wrongly displays in featured and blog layout 25572
Components *Unused Jtoolbarhelper title in Language Manager Content Languages 25585
Components Sort in Article Category List broken 25602
Database failure to delete error message showing incorrectly 25098
Database performance of assets table query with > 40 articles on website in registered mode 25617
Forms onchange event does not fire in JFormFieldAMedia 25071
Front End Article edit page permits you to attempt to edit checked-out articles causing 403 errors. With patch. 25259
Front End Menu alias not respecting "active" 25347
Front End Undefined notice on 404 page 25486
Installation *joomla.xml still exists after install of install 24345
Installation Typos in sample data 25397
Installation Installer missing client-side check that package was selected prior to pressing Upload and Install Button. 25451
Javascript No javascript form validation after clicking submit button 25228
Joomla! Libraries access levels - pagination::orderDownIcon appearing before last item 21809
Joomla! Libraries Improved fix for XSS issue found in Joomla 1.5.20 22870
Joomla! Libraries browser detection script reports wrong informations 22926
Joomla! Libraries Installation of tar.gz packages fails in xampp under Windows 23364
Joomla! Libraries Remove remaining ereg* functions - Obscolete in PHP 5.3 23878
Joomla! Libraries Module plugin and component scriptfile are not copied to final install point 24954
Joomla! Libraries The word Array appears below the document when Cache is turned on 24974
Joomla! Libraries *rev 20974 breaks normal sliders/tabs behavior 25399
Joomla! Libraries *Content language ordering not implemented 25401
Joomla! Libraries JPane slider effect not functioning properly 25417
Joomla! Libraries Extension "upgrade" method re-installing component 25425
Joomla! Libraries #24285 change breaks module cache functionality needs to be reverted 25551
Joomla! Libraries the package strings are not translated when installing or managing" 25569
Languages *Contact language is ignored in frontend 24710
Languages Plugin instead of Module in en-GB.lib_joomla.ini 25136
Languages Incorrect SMTP security option 25145
Languages Typo in en-GB.lib_joomla.ini 25231
Languages Some errors and warnings are not translated due to missing JText::_() 25232
Languages The front end rendering of the media field is missing srings 25289
Languages Incorrect language keys in error.php of atomic template 25319
Languages Typos on the 404 page 25320
Languages com_menus translation is missing for list items 25355
Languages *Although en-GB language is protected by default in db it can be uninstalled 25416
Languages *en-GB.files_joomla.sys.ini not loading 25614
Media Manager media manager folder names hidden when long 25257
Modules Hiding "Add New Shortcuts" removed Groups and Levels in admin menu 24321
Modules Module latest user parameter link to contact does not work 24917
Modules Static caching of language switcher ruins the correct class lang-active behaviour (patch included) 25021
Modules Changing modules doesn't reflect changes with enabled caching. 25139
Modules * hr.gif and sr.gif are transparent 25177
Modules Wrong order in Module Latest Users 25318
Modules Ordering of two modules options are inconsistent 25360
Modules *langswitcher module can display content languages with no specific home page 25400
Modules Database error not handled in mod_users_latest and mod_articles_archive 25496
Modules *Notices with module Articles category 25497
Modules Minor Bugs in mod_whosonline 25519
Modules Module Articles Category takes server timezone instead of Joomla one 25593
Plugins Form onchange event pointing to non-existant event 25074
Plugins *Plugin System cache error when debug is on. 25174
Plugins Language filter redirecting breaks image uploading in frontend. Patch included. 25210
Plugins Following http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=25210 25356
Plugins *Wrong lang load order when editing plugin 25495
Plugins Update CodeMirror to Version 1.0 25508
Plugins *Email Cloak Plugin outputs preformatted code in email "to" field 25603
RTL RTL issues with beez 2 and beez 5 25172
Search Engine Friendly Content pictures aren't displaying if SEF is on and System Cache plugin is enabled 25170
Search Engine Friendly 404 after pagebreak in <--prev next --> footer 25176
Search Engine Friendly The robots.txt file offers no protection for a site installed in a folder. 25340
Search Engine Friendly Menu item type Alias not editable alias 25349
Search Engine Friendly *Metatag Robots not working for menu items 25436
Templates Don't add aria role breadcrumbs 24998
Templates *Save & Copy template styles issue 25269
Templates tooltips in high contrast mode (bluestork) 25412
Templates Hathor: minor bug that causes hidden Date values in com_templates 25432
Templates admin templates does not add a border on fielset when using tabs 25571
Templates RTL in Atomic 25581
User Interface Native support for IIS Rewrite 24016
User Interface Inconsistency in the naming of the items statuses 24514
User Interface Fix New and Save icons for other components 25025
User Interface module assignment slider gives inaccurate information for modules with "all except" 25027
User Interface Media manager popup - Change of directory don't reflect in list of images and folders on windows system (XAMPP) 25129
User Interface *Normalizing com_messages UI 25285

Statistics for the 1.6.2 release period:

  • Joomla 1.6.2 contains:
    • 115 tracker issues fixed in SVN
    • 8 security issues fixed

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the 1.6 Bug Tracker.

Active members of the Joomla Bug Squad during this last release cycle include: Andrea Tarr, Andrew Eddie, Bill Richardson, Brian Teeman, Christophe Demko, Dennis Hermacki, Elin Waring, Harald Leithner, Ian MacLennan, Jacob Waisner, Janich Rasmussen, Jean-Marie Simonet, Jennifer Marriott, Jeremy Wilken, Marc STUDER, Marijke Stuivenberg, Mark Dexter, Matt Thomas, Michael Babker, Nicholas Dionysopoulos, Niels Braczek, Nikolai Plath, Ole Bang Ottosen, Omar Ramos, Pete Nurse, Peter Chovancak, Piotr Mocko, Radek Suski, Reinhard Hiebl, Roland Dalmulder, Rouven Weßling, Rune Sjøen, Samuel Moffatt, Zachary Draper.

Bug Squad Leadership: Andrew Eddie, Ian MacLennan, and Mark Dexter Coordinators; Bill Richardson, Elin Waring, Marijke Stuivenberg, Matt Thomas, and Omar Ramos, Team Leaders.

Joomla! Security Swat Team

A big thanks to the Joomla! Security Swat Team for fixing all reported security issues with this release. Members include: Airton Torres, Alan Langford, Andrew Eddie, Bill Richardson, Elin Waring, Ian MacLennan, Jason Kendall, Louis Landry, Marijke Stuivenberg, Mark Dexter, Omar Ramos, Rouven Weßling, Samuel Moffatt.