During the latest release of Joomla! 3.6.1 an issue emerged because of a security fix. 3.6.1 introduced a CSRF token check to the Joomla! Update component as an extra level of security to fix a Medium Level security issue. 3.6.0 down to 2.5.4 (every Joomla! release with the update component) will hit an issue with failing to pass the CSRF token check because those versions don't generate the needed token to pass the check.
Therefore we have had to make some emergency decisions:
Updating from Joomla! 2.5.x
Unfortunately there was a bug when updating Joomla! 2.5.x to 3.6.0 - this was patched in the 3.6.1 release - however as this migration is no longer possible - you will need to first migrate to Joomla! 3.5.1 then upgrade to 3.6.0. Then follow the steps below for users on Joomla! 3.6.0.
Updating from Joomla! 3.0.0-3.5.1
Update to Joomla! 3.6.0 through the Joomla! Update component. Then follow the steps below for users on Joomla! 3.6.0.
Updating from Joomla! 3.6.0
Update the Joomla! Update Component through the Extension Manager. (In the administrator part of your website (example.com/administrator), go to Extensions -> Manage -> update. It might be that you have to clear the update cache before the component is shown, if the necessary update still doesn’t show up, go to Update Sites and click Rebuild.)
Then use the Joomla! Update component ( components -> Joomla! Update) to update to the latest 3.6.x version.
IMPORTANT: PLEASE READ THIS ANNOUNCEMENT ABOUT THE 3.6.1 UPDATE PROCESS
What's in 3.6.1?
Version 3.6.1 also addresses several issues:
- Fixes a bug resulting from a backwards compatibility break in PHP 7.0.9
- Fix for language redirects being cached in the browser
- Fix upgrades from Joomla! 2.5.28
- Fix SQLAzure database driver
- TinyMCE upgrade to 4.4.0.
Thanks to the hard work of 46 different volunteer contributors, more than 500 code commits, addressing nearly 150 issues, were made for the 3.6.1 release.
See the list of fixed GitHub issues for details of the tracker items fixed.
Security Issues Fixed
- Medium Priority - Core - CRSF More information »
- Low Priority - Core - ACL Violations More information »
- Low Priority - Core - XSS Vulnerability More information »
For known issues with the 3.6.1 release, see the Version 3.6.1 FAQ in the documentation site.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla! Community. Learn more about Joomla! development at the Joomla! Developer Network.
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.6 as the latest in the 3.x series.
Joomla! 3.6 introduces more than 400 improvements, including many features which make administration of Joomla! Web sites easier and more feature-rich, as well as many UX (user experience) improvements.
Joomla! 3 is the latest major release of the Joomla! CMS, with 3.6 the seventh standard-term support release in this series. Please note that going from 3.5 to 3.6 is a one-click update and is not a migration. The same is true for any subsequent versions in the 3 series of the CMS.
What's new in Joomla! 3.6
Here are some highlights of the 3.6 release:
- Joomla! Update has been improved and now allows you to reinstall Joomla’s core files at the click of a button, overwriting any modified file(s) and reverting them back to the default.
- Joomla! 3.6 contains a lot of UX improvements. Now you can find your modules faster, have tasks done by dropdown, improved user management and so much more...
- With the new Sub Form Field function in Joomla! 3.6, we added some extra additional functionality next to Repeatable fields. Now you can nest XML forms inside each other or reuse your existing forms inside your current form.
- Create categories on the fly: It can get frustrating when you create a new item, and you realise that you haven’t created a category yet. Joomla! 3.6 now lets you create a category on the fly for articles, contacts, newsfeeds and banners.
- Menu type ACL: ACL in the backend did not exist at the menu level, now we have improved that. Give or block certain user groups access to a specific menu, and therefore also all menu items of that menu.
- See what's in your menus with All Menu Items: The new option to show all items from all menus gives you a quick overview of what is displayed where on your website. It has never been easier to spot duplicated links, missing menu items or just get an overview of every menu on your site.
- And much more... To have a full list of the 3.6 features, please visit our GitHub Repository.