Details

Created: 13 December 2016

Joomla! 3.6.5 is now available. This is a security release for the 3.x series of Joomla! which addresses three security vulnerabilities, miscellaneous security hardening and three bug fixes; no further changes have been made compared to the Joomla! 3.6.4 release. We strongly recommend that you update your sites.

What's in 3.6.5

Version 3.6.5 is released to address three security issues, miscellaneous security hardening and three bugs.

Security Issues Fixed

• High Priority - Core - Elevated Privileges (affecting Joomla! 1.6.0 through 3.6.4) More information »
• Low Priority - Core - Shell Upload (affecting Joomla! 3.0.0 through 3.6.4) More information »
• Low Priority - Core - Information Disclosure (affecting Joomla! 3.0.0 through 3.6.4) More information »
• Security Hardening More information »

Bug Fixes

• [#12817] Fix Joomla Updater for Windows Users
• [#12984] Fix installation language for sr-YU
• [#12589] and [#13127] Fix default values for user creation on installation

Please see the documentation wiki for FAQ’s regarding the 3.6.5 release.

Read more: Joomla! 3.6.5 Released

Details

Created: 18 November 2016

Over the last weeks we have sent mixed messages about Joomla! 3.7 and what will be included in the final version. Without having an alpha/beta version published this is always complicated but with this post we are trying to clear the air.

Read more: Road to Joomla! 3.7

Details

Created: 27 October 2016

As part of our post-release review process for the 3.6.4 release, the Joomla! Security Strike Team has identified and confirmed an additional side effect of the issue resolved in security advisory 20161002 (CVE-2016-8869) and as such we have revised our assessment of this issue.

Read more: Revised Assessment of 3.6.4 Security Release

Details

Created: 25 October 2016

Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses three critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately.

This release only contains the security fixes and bug fix; no other changes have been made compared to the Joomla! 3.6.3 release.

What's in 3.6.4

Version 3.6.4 is released to address two critical security issues and a bug regarding two-factor authentication.

Security Issues Fixed

• High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3) More information »
• High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3) More information »
• High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3) More information »

Bug Fixes

• [#12497] Two-Factor Authentication encryption fix

Please see the documentation wiki for FAQ’s regarding the 3.6.4 release.

Read more: Joomla! 3.6.4 Released

Details

Created: 21 October 2016

A Joomla! 3.6.4 release containing a security fix will be published on Tuesday 25th October at approximately 14:00 UTC.

The Joomla! Security Strike Team (JSST) has been informed of a critical security issue in the Joomla! core.

Since this is a very important security fix, please be prepared to update your Joomla! installations next Tuesday.

Until the release is out, please understand that we cannot provide any further information.