The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.1 [Seenu]. Since the stable release of Joomla! 1.5 we have seen huge numbers of downloads which has helped to push the total number of downloads to over 3 million in less than a year.
We have found in one of the new features of Joomla! 1.5, an XML-RPC Blogger API plugin, a high priority security vulnerability. While this feature is disabled by default on every Joomla! 1.5 install and would have to be manually enabled for the vulnerability to exist, we strongly recommend that all Joomla! 1.5 users upgrade to Joomla! 1.5.1.
Thanks to the work done by both the Joomla! Bug Squad as well as the Development Team , not only has this vulnerability been patched but so have several other smaller issues.
Joomla! 1.5.1 Fixes a security vulnerability in the XML-RPC Blogger API plugin which allows an unauthorized user to edit, post and delete articles. It is strongly recommended that all Joomla! 1.5 users upgrade to Joomla! 1.5.1, especially if the XML-RPC system is in use. Other fixes included in Joomla! 1.5.1 include:
- Fixed XML-RPC/Blogger security issue.
- Fix to SEF issues including creation of optional livesite parameter if needed which will also allow reverse proxy.
- Change to mass mail so that blind carbon can be used, protecting email addresses of your users.
- Fix to date function that was causing an error in the end publication date for some systems.
- Fixed UTF 8 database detection.
- Addressed a number of internationalization issues.
- Fixes to a number of minor issues
Installing, Upgrading and Migrating
For those people interested in migrating from Joomla! 1.0 please note that this is still an evolving process and is likely to be refined and optimized as feedback is received. For those upgrading from Joomla! 1.5 an upgrade to Joomla! 1.5.1 is as easy as it was to upgrade any version of Joomla! 1.0.x previously. Further instructions can be found below.
From Joomla! 1.5.x
From Joomla! 1.0.x