The Joomla! Project announces the immediate availability of Joomla! 1.6.4. This is a security release. This release corrects four security issues and fixes an issue relating to version upgrades.
Note that version 1.7.0 is scheduled to be released on 19 July 2011. Users planning to upgrade from version 1.6 to 1.7 will need to be running version 1.6.4 in order to upgrade to version 1.7.0.
Important Note: A security fix was made for the Category List layouts for articles, contacts, newsfeeds, and weblinks as well as the Featured Contact list. If you have created a template override for one of these layouts based on the core layout, your file could contain this security issue. Please see the release FAQ for more information.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! developement at the Developer Site.
Download
Click here to download Joomla 1.6.4 (Full package) »
Click here to download Joomla 1.6.4 (Upgrade packages) »
Instructions
- New installation and technical requirements
- Upgrade from an existing Joomla 1.6 version
- Migration from Joomla! 1.5.x
Want to test drive Joomla? Try the online demo. Documentation is available for beginners.
Please note that you should always backup your site before upgrading.
Release Notes
Check the Joomla 1.6.4 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Security
- Medium Priority - Core - XSS Vulnerabilities.
- Low Priority - Core - Information Disclosure.
- Medium Priority - Core - Unauthorised Access.
- Medium Priority - Core - XSS Vulnerabilities.
Issues Fixed
| Category | Summary | Link |
|---|---|---|
| Installation | Automatic db update during upgrades | 26171 |
| Installation | Updating from J1.6.2 to J1.6.3 removes all files! | 25696 |
Statistics for the 1.6.4 release period:
- Joomla 1.6.4 contains:
- 2 tracker issues fixed in SVN
- 4 securities issues fixed
Joomla! Bug Squad
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the 1.6 Bug Tracker.
Active members of the Joomla Bug Squad during this last release cycle include: A Firoozmandan, Akarawuth Tamrareang, Amy Stephen, Andrea Tarr, Andrew Eddie, Bill Richardson, Brian Teeman, Christophe Demko, Cristina Solana, Dennis Hermacki, Elin Waring, Ian Galpin, Jacob Waisner, Jean-Marie Simonet, Marius van Rijnsoever, Mark Dexter, Matt Thomas, Michael Babker, Miha Trtnik, Nicholas Dionysopoulos, Nikolai Plath, Ole Bang Ottosen, Ronald Pijpers, Rouven Weßling, Rune Sjøen, Samuel Moffatt, Tim Plummer, Tom Fuller, Viet Hoang Vu.
Bug Squad Leadership: Andrew Eddie and Mark Dexter Coordinators; Bill Richardson, Elin Waring, Marijke Stuivenberg, Matt Thomas, and Omar Ramos, Team Leaders.
Joomla! Security Swat Team
A big thanks to the Joomla! Security Swat Team for fixing all reported security issues with this release. Members include: Airton Torres, Alan Langford, Andrew Eddie, Bill Richardson, Elin Waring, Jason Kendall, Louis Landry, Marijke Stuivenberg, Mark Dexter, Omar Ramos, Rouven Weßling, Samuel Moffatt.