The Joomla! Project is pleased to announce the immediate availability of Joomla 3.3.6. This is a maintenance release addressing issues with yesterday’s 3.3.5 release. This release addresses an issue related to the core update component, one regression in the user password reset process, and adds a fallback upgrade mechanism for the update component. This release is considered a security release since it includes two resolved security issues associated with 3.3.5. A 3.2.7 release is also available for users who are still using Joomla! 3.2 which addresses the security issues and the upgrade component bug.
If you are currently running a Joomla! release on a server with PHP 5.3.10 or later, we encourage you to update immediately to Joomla! 3.3.6 via either the one-click update or the update downloads available at www.joomla.org/download.html.
Note that in order to update directly to 3.3.6 via the core update component, you must be running 3.2.2 or later due to the raised minimum supported PHP version and the update system not supporting checking the server’s PHP version in older releases. Older 3.x releases will be prompted to update to 3.2.7 before being presented the 3.3.6 update.
Special Download Instructions
Because of the issue with the update component, users who are running 3.2.6 or 3.3.5 will be unable to update to the next release using Joomla's update component. These users will be required to update their Joomla! installation via the Extension Manager. Instructions for updating via the Extension Manager can be found on the Joomla! Documentation Wiki. Users who are running Joomla! 3.3.0 through 3.3.4 and 3.2.5 or earlier will be able to update using the update component. The Joomla! Documentation wiki contains full instructions on how to update your site.
What's in 3.3.6?
Thanks to the hard work of our volunteer contributors, 9 bugs have been resolved with the 3.3.5 release.
See the Joomla! 3.3.5 Milestone on GitHub for details of the items fixed.
Additionally, the following items were addressed based on user reports after yesterday's release:
Security Issues Fixed
- High Priority - Core - Remote File Inclusion More information »
- Medium Priority - Core - Denial of Service More information »
For known issues with the 3.3.6 release, see the Version 3.3.6 FAQ in the documentation site.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Joomla! Developer Network.
New Installations: Download Joomla! 3.3.6 (Full package) »
New installation instructions and technical requirements
Update Package: Download Joomla! 3.3.6 (Update package) »
Note: Please read the update instructions before updating.
Please remember to clear your browser's cache after upgrading.
3.2.7 Package: Download Joomla! 3.2.7 (Update package) »
Note: This package is only recommended for sites on servers running PHP versions 5.3.1 through 5.3.9; those on 5.3.10 or later are encouraged to update to 3.3.
How can you help Joomla! development?
There are a variety of ways in which you can get actively involved with Joomla! It doesn't matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager, David Hurley, to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.
The Joomla! Bug Squad is one of the most active teams in the Joomla! development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla!, and also a great way to meet new people from all around the world.
If you are interested, please read about us on the Joomla! Documentation Wiki and, if you wish to join, email Nick Savov, our Bug Squad coordinator.
You can also help Joomla! development by thanking those involved in the many areas of the process. In the past year, for example, over 1,000 bugs have been fixed by the Bug Squad.
Thank you to the community members who were active in the testing and resolution of the issues addressed in this release:
Alex van Niel, Anja Hage, Bourderiou Stéphane, Brian Teeman, Christian Hent, Christiane Maier-Stadtherr, Cyril Rezé, Dennis Hermatski, Dmitry Rekun, Emir, Henrik Zawischa, Isidro Baquero, Jean-Marie Simonet, Marc-Antoine Thevenet, Michael Babker, Nicholas Dionysopoulos, Paulo Matos, Peter Lose, René Alain Erichsen, Roberto Segura, Roger Perren, Sander Potjer, Stefania Gaianigo, Thomas Hunziker, Tobias Zulauf, Torsten Egeler, Tuan Pham Ngoc, Viktor Vogel
Joomla! Bug Squad
Thank you to the Joomla! Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla!, please report it on the Joomla! Issue Tracker.
Active members of the Joomla! Bug Squad during past 3 months include: A. Booij, Anja Hage, Axel Rank, Bernard Saulme, Brian Teeman, chris chris, Chris Davenport, David Hurley, Demis Palma, Dmitry Rekun, Elijah Madden, George Wilson, Hannes Papenberg, Hervé Boinnard, Ilie PAndia, Jan Pavelka, Jean-Marie Simonet, Jisse Reitsma, Leo Lammerink, lukig lukig, Matt Thomas, Michael Babker, Nadeeshaan Gunasinghe, Nicholas Dionysopoulos, Niels van der Veer, Peter Lose, Robert Dam, Robert Gastaud, Roberto Segura, Roland Dalmulder, Sander Potjer, Thomas Hunziker, Tino Brackebusch, Tobias Zulauf, Valentin Despa, Viktor Vogel, Volkmar Schlothauer.
Bug Squad Leadership: Nick Savov, Coordinator.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla! secure. Members include: Airton Torres, Alan Langford, Beat, Bill Richardson, Claire Mandville, David Hurley, Don Gilbert, Gary Brooks, Jason Kendall, Javier Gomez, Jean-Marie Simonet, Marijke Stuivenberg, Mark Boos, Mark Dexter, Matias Griese, Michael Babker, Nick Savov, Pushapraj Sharma, Roberto Segura, Rouven Weßling, Thomas Hunziker.