Log in

Login to your account

Username *
Password *
Remember Me
Joomla 3.8.13 is now available. This is a security release for the 3.x series of Joomla which addresses 5 security vulnerabilities....
 
Home /Security Announcements / [20181001] - Core - Hardening com_contact contact form Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20181002] - Core - Inadequate default access level for com_joomlaupdate Joomla! CMS Joomla! Framework...
 
Home /Security Announcements / [20181003] - Core - Access level Violation in com_tags Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20181004] - Core - ACL Violation in com_users for the admin verification Joomla! CMS Joomla! Framework...
 
Home /Security Announcements / [20181005] - Core - CSRF hardening in com_installer Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
A CMS-powered website has all the ingredients for an IT security nightmare: it is publicly accessible, it’s running on powerful machines with great connectivity and the underlying system is used countless times around the globe, making it an attractive target for attackers. The Joomla Security Strike Team (JSST) is working hard to make sure...
 
Joomla 3.8.12 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements....
 
Home /Security Announcements / [20180801] - Core - Hardening the InputFilter for PHAR stubs Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20180802] - Core - Stored XSS vulnerability in the frontend profile Joomla! CMS Joomla! Framework...
 
Home /Security Announcements / [20180803] - Core - ACL Violation in custom fields Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
13 years ago, we set out with a vision – to develop a CMS that stood firm on its Open Source values. Instantly, the community was behind us – with more than a thousand people joining our project within just one day. Fast forward 13 years and you could say that we’ve come a long way. 14 versions in (major/minor), Joomla! now...
 
Joomla 3.8.11 is now available. This is a bug fix release for the 3.x series of Joomla including over 35 bug fixes and improvements....
 
Joomla 3.8.10 is now available. This is a bug fix release addressing one bug introduced into 3.8.9 which affects Windows servers....
 
Joomla 3.8.9 is now available. This is a security release which addresses 2 security vulnerabilities and contains over 50 bug fixes and improvements....
 
Home /Security Announcements / [20180601] - Core - Local File Inclusion with PHP 5.3 Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20180602] - Core - XSS vulnerability in language switcher module Joomla! CMS Joomla! Framework Resources Mailing Lists...
 

Update on Joomla 4

Following the release of Joomla 4.0 Alpha 3, the Joomla 4 Working Group has published below a status update on the anticipated release of Joomla 4....
 
The Joomla Project and CloudAccess.net are equally excited to announce the launch of launch.joomla.org, the brand new platform to launch a free Joomla website and test upcoming releases to support the project by helping make our CMS the best it can be....
 
Joomla 3.8.5 is now available. This is a bug fix release for the 3.x series of Joomla fixing regressions which were reported after the 3.8.4 release....
 
Joomla 3.8.4 is now available. This is a security release for the 3.x series of Joomla addressing four security vulnerabilities and including over 100 bug fixes and improvements....
 
Home /Security Announcements / [20180101] - Core - XSS vulnerability in module chromes Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20180102] - Core - XSS vulnerability in com_fields Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20180103] - Core - XSS vulnerability in Uri class Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20180104] - Core - SQLi vulnerability in Hathor postinstall message Joomla! CMS Joomla! Framework...
 
There are many fine achievements to reflect on as we look back on 2017. Most importantly the Joomla Project wants to say a massive "thank you" to all our volunteers. As an open source project, Joomla can only achieve what it does with the valuable contributions of our extensive global community of hard-working volunteers. On behalf of the Joomla...
 
New York - December 15, 2017The FCC (Federal Communications Commission) vote on Thursday December 14, 2017 to repeal Net Neutrality, while unfortunately expected, is tremendously disappointing to all believers of an open and free internet.Open Source Matters, Inc. and the Joomla Community believe wholeheartedly in content creation and...
 
Joomla 3.8.3 is now available. This is a bug fix release for the 3.x series of Joomla which includes over 60 bug fixes and improvements....
 
Who is A2 Hosting? It’s likely that you’re already familiar with A2 Hosting. Not only are they an active Joomla! Community member and have sponsored Joomla! and our community, they have been hosting Joomla! sites since their launch back in 2003....
 
With the prospect of Joomla 4 next year we would like to raise awareness on the must of upgrading to PHP 7. Joomla 4 will require PHP 7 to run, as stated in this announcement. Most hosts already offer PHP 7 in their packages and it should be fairly easy to change your PHP version. (Hint: before you do, make sure you backup) If not, contact your...
 
The Joomla Project is pleased to announce the availability of Joomla 4.0 Alpha 1for download....
 
Home /Security Announcements / [20171101] - Core - LDAP Information Disclosure Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20171102] - Core - 2-factor-authentication bypass Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20171103] - Core - Information Disclosure Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20170901] - Core - Information Disclosure Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20170902] - Core - LDAP Information Disclosure Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Home /Security Announcements / [20170704] - Core - Installer: Lack of Ownership Verification Joomla! CMS Joomla! Framework Resources Mailing Lists...
 
Joomla! 3.6.2 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes some bugs in email cloaking and sessions from Joomla! 3.6.1.
 
During the latest release of Joomla! 3.6.1 an issue emerged because of a security fix. 3.6.1 introduced a CSRF token check to the Joomla! Update component as an extra level of security to fix a Medium Level security issue. 3.6.0 down to 2.5.4 (every Joomla! release with the update...
 
Joomla! 3.6.1 is now available. This is a security release for the 3.x series of Joomla. This release fixes several low level security issues. We strongly encourage you update your sites.
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 

Joomla! 3.6 is Here

The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.6 as the latest in the 3.x series. Joomla! 3.6 introduces more than 400 improvements, including many features which make administration of Joomla! Web sites easier and more feature-rich, as well as many UX (user experience) improvements.
 
The Joomla! Project is pleased to announce the availability of Joomla! CMS 3.6 Release Candidate 2. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.6 release.
 
The Joomla! Project is pleased to announce the availability of Joomla! CMS 3.6 Release Candidate. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.6 release.
 
The Joomla! Project is pleased to announce the availability of Joomla! CMS 3.6 Beta 2. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.6 release.
 
The Joomla! Project is pleased to announce the availability of Joomla! CMS 3.6 Beta 1. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.6 release.
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Mark Dexter & Louis Landry...
 
Lack of CSRF checks potentially enabled uploading malicious code.
 
Inadequate checking of the return value allowed to redirect to an external page.
 
Joomla 3.4.3 is now available. This is a maintenance release for the Joomla 3 series. We strongly encourage you update your sites.
 
New York, NY, - March 30th, 2015 Joomla!, one of the world’s most popular open source content management systems (CMS), is proud to announce its partnership with Glip—the business messaging app with built-in productivity tools. The partnership will enable Joomla! to streamline com...
 
The Joomla! Project and the Production Leadership Team are proud to announce the release of Joomla! 3.4.1. This is a maintenance release for the 3.x series of Joomla! and addresses issues introduced in 3.4.0 with installing certain extensions and content languages access.
 

Joomla! 3.4 is Here

Image Credit: Chiara Aliotta and Helvecio Da Silva
 
The Joomla! Project is pleased to announce the availability of the Joomla! 3.4 Release Candidate. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.4 release.
 
Joomla! 3.4 is almost ready!
We have revised the launch timeline slightly to ensure we can get everything up to the quality levels we all would like, and to ensure thorough testing on as many environments as possible.
 
The Joomla! Project is pleased to announce the availability of Joomla! 3.4 Beta 2. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.4 release.
 
The Joomla! Project is pleased to announce the availability of Joomla! 3.4 Beta 1. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.4 release.
 
New York, NY, - January 20, 2015 - Joomla, one of the world’s most popular open source content management systems (CMS), announced today the launch of its new service: Joomla.com. Users can now create and build freely hosted Joomla websites. The project is run in partnership...
 
Joomla Community Magazine | December 2014...
 
Image credit: Helvecio
 
Inadequate checking allowed the potential for remote files to be executed.
 
Inadequate checking allowed the potential for a denial of service attack.
 
Inadequate escaping leads to XSS vulnerability in com_media.
 
Inadequate checking allowed unauthorised logins via LDAP...
 
Inadequate escaping leads to SQL injection vulnerability.
 
Inadequate escaping leads to XSS vulnerability.
Joomla! CMS versions 2.5.18 and earlier...
 
Inadequate escaping leads to XSS vulnerability in com_contact.
 
Inadequate checking allowed unauthorised logins via GMail authentication.
 
Inadequate filtering leads to XSS vulnerability in com_contact.
 
Inadequate filtering leads to XSS vulnerability in com_contact.
 
Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.