The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.
For more information about this exploit, click here to visit the Joomla Security Blog.
- Upgrade from an existing Joomla! 1.5 version
- Migration from Joomla! 1.0.x
- See below for manual installation instructions
- SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.
For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:
components/com_user/models/reset.php changelog.php includes/framework.php administrator/includes/framework.php libraries/joomla/version.php libraries/joomla/environment/uri.php
This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.