Actions

Difference between revisions of "What is a vulnerable extension?"

From Joomla! Documentation

(added links to vulnerable extension list)
m (removing link which is found in two places on this page, adding another)
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
A [[Vulnerable_Extensions_List_oct|vulnerable extension]] is one that has been found to contain (or contribute to) a security vulnerability.
+
A '''vulnerable extension''' is one that has been found to contain (or contribute to) a [[security]] vulnerability.
  
 
Vulnerable extensions are not necessarily poorly-coded. As the Web evolves, technical requirements and commonly accepted coding practices change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to:
 
Vulnerable extensions are not necessarily poorly-coded. As the Web evolves, technical requirements and commonly accepted coding practices change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to:
Line 6: Line 6:
 
# Use only the latest stable version of all extensions.
 
# Use only the latest stable version of all extensions.
 
# Completely remove all files of insecure or unused extensions.
 
# Completely remove all files of insecure or unused extensions.
# Check the [[Vulnerable_Extensions_List_oct|Vulnerable Extension List]] on a regular basis and remove or update any extension version found to be vulnerable.
+
# Check the [[Vulnerable_Extensions_List|Vulnerable Extension List]] on a regular basis and remove or update any extension version found to be vulnerable.
  
[[Category:FAQ]]
+
A RSS feed is also available http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
 +
 
 +
<noinclude>[[Category:FAQ]]
 
[[Category:Administration FAQ]]
 
[[Category:Administration FAQ]]
 
[[Category:Installation FAQ]]
 
[[Category:Installation FAQ]]
[[Category:Version 1.5 FAQ]]
+
[[Category:Security FAQ]]</noinclude>

Latest revision as of 22:03, 17 October 2012

A vulnerable extension is one that has been found to contain (or contribute to) a security vulnerability.

Vulnerable extensions are not necessarily poorly-coded. As the Web evolves, technical requirements and commonly accepted coding practices change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to:

  1. Know the version numbers of all installed extensions.
  2. Use only the latest stable version of all extensions.
  3. Completely remove all files of insecure or unused extensions.
  4. Check the Vulnerable Extension List on a regular basis and remove or update any extension version found to be vulnerable.

A RSS feed is also available http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions