Joomla 4.2.8 Security Release

Joomla! 4.2.8 is now available. This is a security release for the 4.x series of Joomla! which addresses a critical security vulnerability in the web services API. We strongly recommend that you update your sites immediately.

This release only contains the security fix; no other changes have been made compared to the Joomla! 4.2.7 release.
After the release, we strongly advise you to renew the passwords for all credentials that are stored in the global site configuration, namely:

  • database
  • SMTP
  • Redis
  • HTTP proxy

The issue has been reported in a responsible disclosure process, there have been no signs of exploitation on public sites.

Security issue fixed with 4.2.8

[20230201] - Core - Improper access check in webservice endpoints
More Information

Where can I download Joomla 4.2.8?

On the Downloads site, of course :)

New Installations

New installation instructions and technical requirements

Upgrade

Where can I find documentation about Joomla 4?

We have tutorials to help you with Joomla 4. Creating a Plugin or a Module for Joomla 4, namespaces conventions, prepared statements, using the new web asset classes and many more.

We encourage developers to help write the documentation about Joomla 4 on docs.joomla.org to help and guide users and other extension developers.

A JDocs page will help developers to see the existing documentation, and the documentation still needed.

We invite you to check it regularly, update it and provide the missing content:https://docs.joomla.org/JDOC:Joomla_4_Tutorials_Project

Should I plan to upgrade to Joomla 4.2?

Joomla 4.2 is Joomla’s latest major version.

Joomla 3.10 will continue to be supported with security fixes until 17th August 2023, giving you plenty of time to plan your migration to Joomla 4 and update your extensions (if required) to become Joomla 4 compatible versions.

As it is now more a year since the release of J4.0, you should be planning or in the process of migrating to the latest version of Joomla.

We provide resources to help with the migration on the documentation site.

Make some noise. Joomla 4.2.8 is out!

We released the best Joomla yet. Let’s tell the world!

Get the message out about the great new features using the hashtag #Joomla4 and #Joomla4All. 

J4 Brochure: https://joom.la/J4brochure

J4 Documentation: https://docs.joomla.org/J4.x:Getting_Started_with_Joomla!

Who is Joomla! For?

Do you need to make a website? For personal use, your work, a charity, not for profit. Perhaps a university, local government, then Joomla is for you.

A web agency needs a well-supported framework that can grow as your clients' needs grow. Then Joomla is for you.

Written by volunteers from every sector, it's used all over the internet for all kinds of projects: from blogs and intranets to national government sites. From small shops to world-leading brand sites, Joomla is capable of growing to fit your needs.

Joomla’s power comes from its ever-evolving code base, keeping up with best practices, but also from its large ecosystem of developers who see opportunities in the market and fill those gaps with good software designed to meet real-world needs.

Joomla 4.2.8 is the latest in a world-class CMS that allows you to start your website knowing it can grow with your needs and scale with your customers.

All this, and Joomla 4 is free to use and open-source software. 

What are you waiting for? Install today and grow your future.

How can you help Joomla development?

There are a variety of ways in which you can get actively involved with Joomla. It doesn't matter if you are a coder, an integrator, or a user of Joomla. You can contact any of our volunteer engagement team to get more information, or if you are ready, you can jump right into the Joomla! Bug Squad.

The Joomla! Bug Squad and the CMS Release Team are some of the most active teams in the CMS development process and are always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. A great way for increasing your working knowledge of the Joomla code base, and also a great way to meet new people from all around the world.

If you are interested, please read about them here Joomla! Wiki and, if you wish to join, email This email address is being protected from spambots. You need JavaScript enabled to view it..

The Project also wants to thank all the contributors who have taken the time to prepare and submit work to be included in the Joomla CMS and Framework.

A Huge Thank You to Our Volunteers!

Joomla 4.2.8 is the result of thousands of hours of work by lots of volunteers.

A Huge Thank You goes out to everyone that contributed to this release!

Related information

If you are an extension developer, please make sure you subscribe to the general developer mailing list, where you can discuss extension development. News that may affect custom development will also be posted there from time to time.

Translations