Joomla 4.1.2 and 3.10.8 Release

Joomla 4.1.2 & 3.10.8 is now available. This is a security release for both the 4.x and the 3.x series of Joomla which address a few security vulnerabilities and contains various bug fixes and improvements.

If you have already updated to 3.10.7 or 4.1.1 and your backend (/administrator) super user is having issues logging in, please read the release FAQ to resolve the issue.

What's in 4.1.2?

Joomla 4.1.2 includes all security patches from 4.1.1 except 20220303 that has been reverted due to implementation issues.

Security Issues Fixed with 4.1.1

  • [20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220307] Low Severity - Moderate Impact - Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) More information
  • [20220308] Low Severity - Moderate Impact - Inadequate content filtering within the filter code  (affecting Joomla! 4.0.0 through 4.1.0) More information
  • [20220309] Low Severity - Moderate Impact - XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) More information

Bug fixes and Improvements

  • Fix language strings behaviour in TinyMCE
  • Fix switch for syntax highlighting in TinyMCE
  • Show failed tasks in scheduler
  • Correct usage of Jooa11y parameters
  • Codemirror enhancements
  • Several 8.x PHP fixes

Visit GitHub for the full list of bug fixes.

What’s in 3.10.8?

Joomla 3.10.8 includes all security patches from 3.10.7 except 20220303 that has been reverted due to implementation issues:

Security Issues Fixed with 3.10.7

  • [20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220304] Low Severity - Moderate Impact - Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) More information
  • [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information
  • [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information

Bug fixes and Improvements with 3.10.7

Visit GitHub for the full list of bug fixes.

Where can I download Joomla 4.1.2 and the latest update of Joomla 3.10 series, Joomla 3.10.8?

On the Downloads site, of course :)

New Installations

New installation instructions and technical requirements

 
 

Upgrade

 
 

 

Remember… Please clear your browser's cache after updating.

Found a bug? Report it on the Joomla Issue Tracker.

Questions? See the documentation wiki for FAQ’s regarding the 4.1.2 release / 3.10.8

You would like to take a tour of Joomla 4 without having to install it? We have a solution for you: Try Joomla 4.1 at launch.joomla.org 

How can I upgrade my site to Joomla 4.1.2?

If your site is a Joomla 4.0.x installation

Then it’s a normal update, backup and update as you would with any Joomla update via the internal updater.

If your site is a Joomla 3.x installation

Don’t stress, you’re not alone, we are guiding you for the mini-migration.

The first step will be to update your site to the latest Joomla 3.10. We invite you to read Joomla 3.10 The Pre-update Checker. The 3.10 update checker will tell you which extensions are compatible with Joomla 4 (great, isn’t it?). 

And then, you just have to follow our step by step tutorials. You can find them on our official documentation at https://docs.joomla.org/Why_Migrate. Planning is the most important part of the mini-migration process. See https://docs.joomla.org/Planning_for_Mini-Migration_-_Joomla_3.10.x_to_4.x to start with. At the bottom of that doc, you can then proceed to the step by step for mini-migration from 3.10.x  to 4.x. and specifically start with planning at (you’ll find plenty of information and tutorial about Joomla 4 on JDocs).

Note: we advise you to first test the migration on a copy of your production site.

Migrate now?

You may also wonder if you have to migrate now? Ideally, you would start the planning of the migration now so that you can migrate once your template and extensions are ready. Use this as an opportunity to remove old and outdated extensions. More can be done with the core, safely and efficiently, so if an extension has not been migrated, see if you really need it..

Keep in mind that Joomla 3.10 is supported for another 1.5 years, so there is no pressure to migrate now, but you shouldn’t wait too long and be ready before 3.10 ends its support in August 2023.

You can read articles about the process of mini migration and Joomla 4.1 in the Joomla Community Magazine.

Make some noise. Joomla 4.1.2 is out!

We released the best Joomla yet. Let’s tell the world!

Get the message out about the great new features using the hashtag #Joomla4 and #Joomla4All. 

Link to J4 Brochure:https://joom.la/J4brochure

Link to J4 Documentation

 https://docs.joomla.org/J4.x:Getting_Started_with_Joomla!

https://docs.joomla.org/JDOC:Joomla_4_Tutorials_Project

Who is Joomla! For?

Do you need to make a website? For personal use, your work, a charity, not for profit. Perhaps a university, local government, then Joomla is for you.

A web agency needs a well-supported framework that can grow as your clients' needs grow. Then Joomla is for you.

Written by volunteers from every sector, it's used all over the internet for all kinds of projects: from blogs and intranets to national government sites. From small shops to world-leading brand sites, Joomla is capable of growing to fit your needs.

Joomla’s power comes from its ever-evolving code base, keeping up with best practices, but also from its large ecosystem of developers who see opportunities in the market and fill those gaps with good software designed to meet real-world needs.

Joomla 4.1.2 is the latest in a world-class CMS that allows you to start your website knowing it can grow with your needs and scale with your customers.

All this and Joomla 4 is free to use and open-source software.

What are you waiting for? Install today and grow your future.

How can you help Joomla development?

There are a variety of ways in which you can get actively involved with Joomla. It doesn't matter if you are a coder, an integrator, or a user of Joomla. You can contact any of our volunteer engagement team to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.

The Joomla! Bug Squad and the CMS Release Team are some of the most active teams in the CMS development process and are always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. A great way for increasing your working knowledge of the Joomla code base, and also a great way to meet new people from all around the world.

If you are interested, please read about us on the Joomla! Wiki and, if you wish to join, email Jacob Waisner, This email address is being protected from spambots. You need JavaScript enabled to view it., our Bug Squad coordinator.

You can also help Joomla development by thanking those involved in the many areas of the process. The Project also wants to thank all the contributors who have taken the time to prepare and submit work to be included in the Joomla CMS and Framework.

A Huge Thank You to Our Volunteers!

Joomla is the result of thousands of hours of work by lots of volunteers.

A big thank you goes out to everyone that contributed to the 4.1 & 3.10 release!

Translations