The Joomla Project announces the immediate availability of Joomla 1.6.2. This is a security release.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
Download
Click here to download Joomla 1.6.2 (Full package) »
Click here to download Joomla 1.6.2 (Upgrade packages) »
Instructions
- New installation and technical requirements
- Upgrade from an existing Joomla 1.6 version
- Migration from Joomla! 1.5.x
Want to test drive Joomla? Try the online demo. Documentation is available for beginners.
Please note that you should always backup your site before upgrading.
Release Notes
Check the Joomla 1.6.2 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Security
- Low Priority - Core - Information Disclosure.
- Low Priority - Core - Information Disclosure.
- Low Priority - Core - XSS Vulnerabilities.
- Medium Priority - Core - XSS Vulnerabilities.
- Medium Priority - Core - XSS Vulnerabilities.
- Medium Priority - Core - Unauthorised Access.
- Medium Priority - Core - SQL Injection.
- Medium Priority - Core - Clickjacking.
Issues Fixed
| Category | Summary | Link |
|---|---|---|
| ACL | JModelForm enables 'com_checkin' for 'core.manage' - should be 'core.admin' | 25540 |
| Administration | Improve .htaccess rewrite efficency | 22425 |
| Administration | Don't always load Mootools (More) in the backend. | 24736 |
| Administration | Administrator (with a capital A) does weird stuff | 24835 |
| Administration | *Systeminformation > Directory Permissions: List incomplete | 25088 |
| Administration | Logout in administration menu not working | 25262 |
| Authentication and Login | Gmail authentication fails (Verify Peer variable mistyped) | 25576 |
| Automated Test | Automated ACL system test to test manage permission | 22618 |
| Automated Test | Fix failing unit test for JDocument | 25286 |
| Automated Test | Xcache can not be tested using phpunit | 25301 |
| Automated Test | Add more unit tests for JURI | 25348 |
| Automated Test | Fix failing unit test for JDocumentRenderRSS | 25359 |
| Browsers | Font Size not working with Internet Explorer 7 | 25403 |
| Code Style | Unused JElement classes in core | 23458 |
| Code Style | Don't use the javascript pseudo protocol when it isn't necessary | 25111 |
| Code Style | Several places calling getXMLparser instead of getXMLParser | 25213 |
| Code Style | Many places calling JHTML:: instead of JHtml:: | 25224 |
| Code Style | Fix a number of incorrect comment in components | 25247 |
| Code Style | Don't use sizeof() | 25372 |
| Code Style | Optimize for loops | 25385 |
| Code Style | Empty file administrator/components/com_users/helpers/levels.php | 25467 |
| Components | Unable to create external menu item type with an alias that is a folder name | 24430 |
| Components | Blog pagination options missed in Gobal configuration (com_content) | 24836 |
| Components | Contact form not using Jform makes event not work as expected | 24987 |
| Components | Featured articles are reordered when editing one of them | 25118 |
| Components | 1.6.1 breaks wrapper menu links | 25238 |
| Components | *Issue with Articles created in front-end and set to featured | 25240 |
| Components | *Missing weblink ini strings when submit/edit weblink from a content | 25252 |
| Components | *Weblinks adding words "Web links" before the actual link text | 25276 |
| Components | Media form field is not allowed access to media manager in the front end | 25288 |
| Components | Wrong CSS class declaration | 25305 |
| Components | Article Title will not go away no matter what. | 25308 |
| Components | *Unused show title parameter for archives menu item | 25338 |
| Components | new layouts - No pagination on articles category page if first visit | 25370 |
| Components | *Combined patch for various meta issues in menu items | 25481 |
| Components | Extra quote in com_weblinks | 25522 |
| Components | Apply (Save and present in Editor again) does not checkout row | 25541 |
| Components | Wrong header output in com_contact vCard view makes IE handle vCard downloads wrong... | 25545 |
| Components | com_contact vCard link not using JRoute::_() which causes download issues with System - Language Filter plugin enabled and SEF | 25550 |
| Components | Category Blog - More Article links don't have limitation | 25563 |
| Components | *ROOT parent category wrongly displays in featured and blog layout | 25572 |
| Components | *Unused Jtoolbarhelper title in Language Manager Content Languages | 25585 |
| Components | Sort in Article Category List broken | 25602 |
| Database | failure to delete error message showing incorrectly | 25098 |
| Database | performance of assets table query with > 40 articles on website in registered mode | 25617 |
| Forms | onchange event does not fire in JFormFieldAMedia | 25071 |
| Front End | Article edit page permits you to attempt to edit checked-out articles causing 403 errors. With patch. | 25259 |
| Front End | Menu alias not respecting "active" | 25347 |
| Front End | Undefined notice on 404 page | 25486 |
| Installation | *joomla.xml still exists after install of install | 24345 |
| Installation | Typos in sample data | 25397 |
| Installation | Installer missing client-side check that package was selected prior to pressing Upload and Install Button. | 25451 |
| Javascript | No javascript form validation after clicking submit button | 25228 |
| Joomla! Libraries | access levels - pagination::orderDownIcon appearing before last item | 21809 |
| Joomla! Libraries | Improved fix for XSS issue found in Joomla 1.5.20 | 22870 |
| Joomla! Libraries | browser detection script reports wrong informations | 22926 |
| Joomla! Libraries | Installation of tar.gz packages fails in xampp under Windows | 23364 |
| Joomla! Libraries | Remove remaining ereg* functions - Obscolete in PHP 5.3 | 23878 |
| Joomla! Libraries | Module plugin and component scriptfile are not copied to final install point | 24954 |
| Joomla! Libraries | The word Array appears below the document when Cache is turned on | 24974 |
| Joomla! Libraries | *rev 20974 breaks normal sliders/tabs behavior | 25399 |
| Joomla! Libraries | *Content language ordering not implemented | 25401 |
| Joomla! Libraries | JPane slider effect not functioning properly | 25417 |
| Joomla! Libraries | Extension "upgrade" method re-installing component | 25425 |
| Joomla! Libraries | #24285 change breaks module cache functionality needs to be reverted | 25551 |
| Joomla! Libraries | the package strings are not translated when installing or managing" | 25569 |
| Languages | *Contact language is ignored in frontend | 24710 |
| Languages | Plugin instead of Module in en-GB.lib_joomla.ini | 25136 |
| Languages | Incorrect SMTP security option | 25145 |
| Languages | Typo in en-GB.lib_joomla.ini | 25231 |
| Languages | Some errors and warnings are not translated due to missing JText::_() | 25232 |
| Languages | The front end rendering of the media field is missing srings | 25289 |
| Languages | Incorrect language keys in error.php of atomic template | 25319 |
| Languages | Typos on the 404 page | 25320 |
| Languages | com_menus translation is missing for list items | 25355 |
| Languages | *Although en-GB language is protected by default in db it can be uninstalled | 25416 |
| Languages | *en-GB.files_joomla.sys.ini not loading | 25614 |
| Media Manager | media manager folder names hidden when long | 25257 |
| Modules | Hiding "Add New Shortcuts" removed Groups and Levels in admin menu | 24321 |
| Modules | Module latest user parameter link to contact does not work | 24917 |
| Modules | Static caching of language switcher ruins the correct class lang-active behaviour (patch included) | 25021 |
| Modules | Changing modules doesn't reflect changes with enabled caching. | 25139 |
| Modules | * hr.gif and sr.gif are transparent | 25177 |
| Modules | Wrong order in Module Latest Users | 25318 |
| Modules | Ordering of two modules options are inconsistent | 25360 |
| Modules | *langswitcher module can display content languages with no specific home page | 25400 |
| Modules | Database error not handled in mod_users_latest and mod_articles_archive | 25496 |
| Modules | *Notices with module Articles category | 25497 |
| Modules | Minor Bugs in mod_whosonline | 25519 |
| Modules | Module Articles Category takes server timezone instead of Joomla one | 25593 |
| Plugins | Form onchange event pointing to non-existant event | 25074 |
| Plugins | *Plugin System cache error when debug is on. | 25174 |
| Plugins | Language filter redirecting breaks image uploading in frontend. Patch included. | 25210 |
| Plugins | Following http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=25210 | 25356 |
| Plugins | *Wrong lang load order when editing plugin | 25495 |
| Plugins | Update CodeMirror to Version 1.0 | 25508 |
| Plugins | *Email Cloak Plugin outputs preformatted code in email "to" field | 25603 |
| RTL | RTL issues with beez 2 and beez 5 | 25172 |
| Search Engine Friendly | Content pictures aren't displaying if SEF is on and System Cache plugin is enabled | 25170 |
| Search Engine Friendly | 404 after pagebreak in <--prev next --> footer | 25176 |
| Search Engine Friendly | The robots.txt file offers no protection for a site installed in a folder. | 25340 |
| Search Engine Friendly | Menu item type Alias not editable alias | 25349 |
| Search Engine Friendly | *Metatag Robots not working for menu items | 25436 |
| Templates | Don't add aria role breadcrumbs | 24998 |
| Templates | *Save & Copy template styles issue | 25269 |
| Templates | tooltips in high contrast mode (bluestork) | 25412 |
| Templates | Hathor: minor bug that causes hidden Date values in com_templates | 25432 |
| Templates | admin templates does not add a border on fielset when using tabs | 25571 |
| Templates | RTL in Atomic | 25581 |
| User Interface | Native support for IIS Rewrite | 24016 |
| User Interface | Inconsistency in the naming of the items statuses | 24514 |
| User Interface | Fix New and Save icons for other components | 25025 |
| User Interface | module assignment slider gives inaccurate information for modules with "all except" | 25027 |
| User Interface | Media manager popup - Change of directory don't reflect in list of images and folders on windows system (XAMPP) | 25129 |
| User Interface | *Normalizing com_messages UI | 25285 |
Statistics for the 1.6.2 release period:
- Joomla 1.6.2 contains:
- 115 tracker issues fixed in SVN
- 8 security issues fixed
Joomla! Bug Squad
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the 1.6 Bug Tracker.
Active members of the Joomla Bug Squad during this last release cycle include: Andrea Tarr, Andrew Eddie, Bill Richardson, Brian Teeman, Christophe Demko, Dennis Hermacki, Elin Waring, Harald Leithner, Ian MacLennan, Jacob Waisner, Janich Rasmussen, Jean-Marie Simonet, Jennifer Marriott, Jeremy Wilken, Marc STUDER, Marijke Stuivenberg, Mark Dexter, Matt Thomas, Michael Babker, Nicholas Dionysopoulos, Niels Braczek, Nikolai Plath, Ole Bang Ottosen, Omar Ramos, Pete Nurse, Peter Chovancak, Piotr Mocko, Radek Suski, Reinhard Hiebl, Roland Dalmulder, Rouven Weßling, Rune Sjøen, Samuel Moffatt, Zachary Draper.
Bug Squad Leadership: Andrew Eddie, Ian MacLennan, and Mark Dexter Coordinators; Bill Richardson, Elin Waring, Marijke Stuivenberg, Matt Thomas, and Omar Ramos, Team Leaders.
Joomla! Security Swat Team
A big thanks to the Joomla! Security Swat Team for fixing all reported security issues with this release. Members include: Airton Torres, Alan Langford, Andrew Eddie, Bill Richardson, Elin Waring, Ian MacLennan, Jason Kendall, Louis Landry, Marijke Stuivenberg, Mark Dexter, Omar Ramos, Rouven Weßling, Samuel Moffatt.