Joomla 3.6.4

Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses three critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately.

This release only contains the security fixes and bug fix; no other changes have been made compared to the Joomla! 3.6.3 release.

Note: This announcement was revised on 27 October to include a third vulnerability confirmed after the release, please see this announcement for additional information.
Joomla Security Release

What's in 3.6.4

Version 3.6.4 is released to address two critical security issues and a bug regarding two-factor authentication.

Security Issues Fixed

  • High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3) More information »
  • High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3) More information »
  • High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3) More information »

Bug Fixes

  • [#12497] Two-Factor Authentication encryption fix

Please see the documentation wiki for FAQ’s regarding the 3.6.4 release.

Joomla Security Announcement

A Joomla! 3.6.4 release containing a security fix will be published on Tuesday 25th October at approximately 14:00 UTC.

The Joomla! Security Strike Team (JSST) has been informed of a critical security issue in the Joomla! core.

Since this is a very important security fix, please be prepared to update your Joomla! installations next Tuesday.

Until the release is out, please understand that we cannot provide any further information.

joomla 3 6 3 teaser

Joomla! 3.6.3 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes a Backwards Compatibility Break we made in 3.6.2 with the article ordering. In addition there are a large number of minor improvements and bug fixes.

What's in 3.6.3

Joomla! 3.6.3 comes with more than 350 merged PR and small improvements in many areas. We have also updated the wysiwyg editors:

  • TinyMCE to 4.4.3
  • CodeMirror to 5.18.0

See the list of fixed GitHub issues for details of the tracker items fixed.

For known issues with the 3.6.3 release, see the Version 3.6.3 FAQ in the documentation site.

The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla! Community. Learn more about Joomla! development at the Joomla! Developer Network.

Subcategories

The latest news from the Joomla Team
Announcements & News related to Official Joomla! project Releases
Information about Joomla! Team members