Joomla Downloads Portal

The Joomla! Community proudly presents the centralised and localised Joomla! Downloads portal. It will be the only place you’ll ever need to visit for all Joomla! CMS core files.

As part of our post-release review process for the 3.6.4 release, the Joomla! Security Strike Team has identified and confirmed an additional side effect of the issue resolved in security advisory 20161002 (CVE-2016-8869) and as such we have revised our assessment of this issue.

Joomla 3.6.4

Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses three critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately.

This release only contains the security fixes and bug fix; no other changes have been made compared to the Joomla! 3.6.3 release.

Note: This announcement was revised on 27 October to include a third vulnerability confirmed after the release, please see this announcement for additional information.
Joomla Security Release

What's in 3.6.4

Version 3.6.4 is released to address two critical security issues and a bug regarding two-factor authentication.

Security Issues Fixed

  • High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3) More information »
  • High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3) More information »
  • High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3) More information »

Bug Fixes

  • [#12497] Two-Factor Authentication encryption fix

Please see the documentation wiki for FAQ’s regarding the 3.6.4 release.

Subcategories

The latest news from the Joomla Team
Announcements & News related to Official Joomla! project Releases