Joomla 4.2.4 Security Release

Joomla 4.2.4 is now available. This is a security release for the 4.x series of Joomla which addresses 2 security vulnerabilities.

Security issues fixed

  • [20221001] Low Severity - Critical Impact - Disclosure of critical information in debug mode (affecting Joomla! 4.0.0 - 4.2.3) More Information
  • [20221002] Low Severity - Low Impact - RXSS through reflection of user input in headings (affecting Joomla! 4.0.0 - 4.2.3) More Information

As the main issue focuses on the site having its debug mode set to Yes, the quickest way to help your site while backing up and preparing for the update is to simply switch “Debug System” to No if it is switched currently on.

Debug is located in the Global Configuration area of your site under the System tab.

debug

If you are running a publicly accessible Joomla 4.x site which had debug mode enabled for a significant timeframe, we strongly recommend checking the site for suspicious activity as the issue has been observed to be exploited in the wild by at least one actor.

Addendum

At the point of pushing the changes, some of the bug fixes that were intended for the next planned release made their way into this release.

So we need to update you with a few extra fixes which are all listed here.
Full list of 4.2.4 fixes

Where can I download Joomla 4.2.4?

On the Downloads site, of course :)

New Installations

New installation instructions and technical requirements

Upgrade

Remember… Please clear your browser's cache after updating.

How can you help Joomla development?

There are a variety of ways in which you can get actively involved with Joomla. It doesn't matter if you are a coder, an integrator, or a user of Joomla. You can contact any of our volunteer engagement team to get more information, or if you are ready, you can jump right into the Joomla! Bug Squad.

The Joomla! Bug Squad and the CMS Release Team are some of the most active teams in the CMS development process and are always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. A great way for increasing your working knowledge of the Joomla code base, and also a great way to meet new people from all around the world.

If you are interested, please read about them here Joomla! Wiki and, if you wish to join, email This email address is being protected from spambots. You need JavaScript enabled to view it..

The Project also wants to thank all the contributors who have taken the time to prepare and submit work to be included in the Joomla CMS and Framework.

Joomla 4.2.4 is the result of thousands of hours of work by lots of volunteers.

A Huge Thank You goes out to everyone that contributed to the 4.2.4 release!

Related information

If you are an extension developer, please make sure you subscribe to the general developer mailing list, where you can discuss extension development. News that may affect custom development will also be posted there from time to time.

Translations