Security Release

The Joomla! Project now announces the immediate release of Joomla! 1.0.15 [Daytime]. This release addresses a security vulnerability and it is recommended that you upgrade immediately. Begin by testing on a backup copy of your site. Once you have verified that your site works as expected, backup your live site and upgrade as soon as possible.

Joomla! 1.0.15 Full Packages Joomla! 1.0.15 Patch Packages

RELEASE NOTES

Joomla! 1.0.15 addresses a security issue discovered since our last stable release, Joomla! 1.0.14. After adequate testing on a backup or sandbox version of your live site, you should backup your live site and upgrade to 1.0.15.

Security Fixes

  • SECURITY [HIGH] Fixed remote file inclusion vulnerability.

Upgrading

Upgrade instructions and additional documentation can be found on our documentation wiki at:

https://docs.joomla.org/Upgrade_Instructions

Explanation

In Joomla! 1.0.13, the following line was added to the configuration.php file:

if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }

This file is located in the root directory of your Joomla! Web site. Including this extra line protects against possible remote file inclusion.

Web sites created with Joomla! 1.0.13 or later already contain this line. However, Web sites upgraded from 1.0.12 or earlier are missing this line. All this upgrade does is add that line to the configuration.php file if that line does not already exist. Another way to address the vulnerability is to simply add the line to your configuration.php file manually.

Backing Up

Before starting an upgrade, it's extremely important that you backup your site's database and files. While we try to ensure that upgrade processes are straightforward, we cannot guarantee that this will always be the case for every user. For specific questions on how to backup your site's database or files, you should contact your hosting provider.