Joomla! News
- Details
- Category: Project Release News
A Joomla! 3.6.4 release containing a security fix will be published on Tuesday 25th October at approximately 14:00 UTC.
The Joomla! Security Strike Team (JSST) has been informed of a critical security issue in the Joomla! core.
Since this is a very important security fix, please be prepared to update your Joomla! installations next Tuesday.
Until the release is out, please understand that we cannot provide any further information.
- Details
- Category: Project Release News
Joomla! 3.6.3 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes a Backwards Compatibility Break we made in 3.6.2 with the article ordering. In addition there are a large number of minor improvements and bug fixes.
What's in 3.6.3
Joomla! 3.6.3 comes with more than 350 merged PR and small improvements in many areas. We have also updated the wysiwyg editors:
- TinyMCE to 4.4.3
- CodeMirror to 5.18.0
See the list of fixed GitHub issues for details of the tracker items fixed.
For known issues with the 3.6.3 release, see the Version 3.6.3 FAQ in the documentation site.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla! Community. Learn more about Joomla! development at the Joomla! Developer Network.
- Details
- Category: Project Release News
Joomla! 3.6.2 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes some bugs in email cloaking and sessions from Joomla! 3.6.1.
What's in 3.6.2
Joomla! 3.6.2 fixes some issues found in the 3.6.1 release on Wednesday related to sessions on PHP 5.3 and some general email cloaking bugs:
- PHP 5.3 users were unable to login
- Cloaking emails could cause issues with placeholder and input values that were emails
- Emails in links with attributes had the attributes stripped when email cloaking happens
There were some known issues when updating to 3.6.1. Read about them here.
For known issues with the 3.6.2 release, see the Version 3.6.2 FAQ in the documentation site.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla! Community. Learn more about Joomla! development at the Joomla! Developer Network.
- Details
- Category: Project Release News
During the latest release of Joomla! 3.6.1 an issue emerged because of a security fix. 3.6.1 introduced a CSRF token check to the Joomla! Update component as an extra level of security to fix a Medium Level security issue. 3.6.0 down to 2.5.4 (every Joomla! release with the update component) will hit an issue with failing to pass the CSRF token check because those versions don't generate the needed token to pass the check.
Therefore we have had to make some emergency decisions:
Updating from Joomla! 2.5.x
Unfortunately there was a bug when updating Joomla! 2.5.x to 3.6.0 - this was patched in the 3.6.1 release - however as this migration is no longer possible - you will need to first migrate to Joomla! 3.5.1 then upgrade to 3.6.0. Then follow the steps below for users on Joomla! 3.6.0.
Updating from Joomla! 3.0.0-3.5.1
Update to Joomla! 3.6.0 through the Joomla! Update component. Then follow the steps below for users on Joomla! 3.6.0.
Updating from Joomla! 3.6.0
Update the Joomla! Update Component through the Extension Manager. (In the administrator part of your website (example.com/administrator), go to Extensions -> Manage -> update. It might be that you have to clear the update cache before the component is shown, if the necessary update still doesn’t show up, go to Update Sites and click Rebuild.)
Then use the Joomla! Update component ( components -> Joomla! Update) to update to the latest 3.6.x version.
- Details
- Category: Project Release News
Joomla! 3.6.1 is now available. This is a security release for the 3.x series of Joomla. This release fixes several low level security issues. We strongly encourage you update your sites.
IMPORTANT: PLEASE READ THIS ANNOUNCEMENT ABOUT THE 3.6.1 UPDATE PROCESS
What's in 3.6.1?
Version 3.6.1 also addresses several issues:
- Fixes a bug resulting from a backwards compatibility break in PHP 7.0.9
- Fix for language redirects being cached in the browser
- Fix upgrades from Joomla! 2.5.28
- Fix SQLAzure database driver
- TinyMCE upgrade to 4.4.0.
Thanks to the hard work of 46 different volunteer contributors, more than 500 code commits, addressing nearly 150 issues, were made for the 3.6.1 release.
See the list of fixed GitHub issues for details of the tracker items fixed.
Security Issues Fixed
- Medium Priority - Core - CRSF More information »
- Low Priority - Core - ACL Violations More information »
- Low Priority - Core - XSS Vulnerability More information »
For known issues with the 3.6.1 release, see the Version 3.6.1 FAQ in the documentation site.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla! Community. Learn more about Joomla! development at the Joomla! Developer Network.