The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.3.4. This is a security release for the 3.x series of Joomla! and addresses two security issues. A 3.2.5 release is also available for users who are still using Joomla! 3.2 which addresses these security issues.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.4 via either the one-click update or the update downloads available at www.joomla.org/download.html.
Note that in order to update directly to 3.3.4 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.5 before being presented the 3.3.4 update.
What's in 3.3.4?
Due to the shift from JoomlaCode to the Joomla! Issue Tracker as our issue tracking platform, a consolidated list of tracker issues is not available for this release unfortunately. The consolidated code diff can be found at https://github.com/joomla/joomla-cms/compare/3.3.3...3.3.4 which includes links to most of the tracker items fixed during this release cycle.
Security Issues Fixed
- Medium Priority - Core XSS Vulnerability More information »
- Medium Priority - Core Unauthorised Logins More information »
For known issues with the 3.3.4 release, see the Version 3.3.4 FAQ in the documentation site.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Joomla! Developer Network.
New Installations: Click here to download Joomla! 3.3.4 (Full package) »
Update Package: Click here to download Joomla! 3.3.4 (Update package) »
Note: Please read the update instructions before updating.
Please remember to clear your browser's cache after upgrading.
3.2.5 Package: Click here to download Joomla! 3.2.5 (Update package) »
Note: This package is only recommended for sites on servers running PHP versions 5.3.1 through 5.3.9; those on 5.3.10 or later are encouraged to update to 3.3.
How can you help Joomla! development?
There are a variety of ways in which you can get actively involved with Joomla! It doesn't matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager,
The Joomla! Bug Squad is one of the most active teams in the Joomla! development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla!, and also a great way to meet new people from all around the world.
If you are interested, please read about us on the Joomla! Documentation Wiki and, if you wish to join, email
You can also help Joomla! development by thanking those involved in the many areas of the process. In the past year, for example, over 1,000 bugs have been fixed by the Bug Squad.
Thank you to the code contributors and active Bug Squad members that created and tested this release:
Achal Aggarwal, Alex B., Alexander Meier, Andrea Tosti, Arlen Walker, Artur Stępień, Axel Rank, Beat, Ben Griffin, Benjamin Trenkle, Bernard Saulme, Brian Teeman, Chris Davenport, Christopher Valmas, Damien Barrere, David Hurley, Demis Palma, Dennis Hermatski, Dmitry Rekun, Elijah Madden, Eric Fernance, Fedik Zinchuk, George Wilson, Gunjan Patel, Hannes Papenberg, Hayden Young, Hervé Boinnard, Jan Pavelka, Jean-Marie Simonet, Jefersson Nathan, Johannes S-F, Jonny Roger, Julien Vonthron, Lao Neo, Leo Lammerink, Mark Seymour, Marko Đedović, Massimiliano Valentini, Matt Thomas, Michael Babker, Michael Dunkle, Miguel Angel, Nadeeshaan Gunasinghe, Nicholas Dionysopoulos, Nick Savov, Niels van der Veer, Oskar Signell, Peter Lose, Peter van Westen, Piotr Moćko, Rafael Berlanda, Robert Gastaud, Roberto Segura, Roland Dalmulder, Sander Potjer, Sergey Litvinov, Steve Bink, Tanase ButcaruThomas Hunziker, Tino Brackebusch, Tobias Zulauf, Valentin Despa, Viktor Vogel, Volkmar Schlothauer, Webmaster LPO, Xavier Pallicer.
Joomla! Bug Squad
Thank you to the Joomla! Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla!, please report it on the Joomla! Issue Tracker.
Active members of the Joomla! Bug Squad during past 3 months include: A. Booij, Anja Hage, Axel Rank, Bernard Saulme, Brian Teeman, chris chris, Chris Davenport, David Hurley, Demis Palma, Dmitry Rekun, Elijah Madden, George Wilson, Hannes Papenberg, Hervé Boinnard, Ilie PAndia, Jan Pavelka, Jean-Marie Simonet, Jisse Reitsma, Leo Lammerink, lukig lukig, Matt Thomas, Michael Babker, Nadeeshaan Gunasinghe, Nicholas Dionysopoulos, Niels van der Veer, Peter Lose, Robert Dam, Robert Gastaud, Roberto Segura, Roland Dalmulder, Sander Potjer, Thomas Hunziker, Tino Brackebusch, Tobias Zulauf, Valentin Despa, Viktor Vogel, Volkmar Schlothauer.
Bug Squad Leadership: Nick Savov, Coordinator.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla! secure. Members include: Airton Torres, Alan Langford, Beat, Bill Richardson, Claire Mandville, David Hurley, Don Gilbert, Gary Brooks, Jason Kendall, Javier Gomez, Jean-Marie Simonet, Marijke Stuivenberg, Mark Boos, Mark Dexter, Matias Griese, Michael Babker, Nick Savov, Pushapraj Sharma, Roberto Segura, Rouven Weßling, Thomas Hunziker.