Difference between revisions of "Security hotfixes for Joomla EOL versions"

Revision as of 17:07, 2 January 2016

Other languages:

Deutsch • ‎English • ‎Nederlands • ‎eesti • ‎español • ‎français

Warning!

Joomla!

3.10.12

is the current version

This page is for Joomla! versions which have reached EOL(end of life) and are no longer being developed or supported by the Joomla! project. Issues and items are only listed on this page as a benefit to the users of EOL versions who have not migrated to a supported version yet.

It is strongly recommended you update your websites to a supported Joomla! version ASAP.

Joomla! 2.5[edit]

Remote Code Execution[edit]

There is a security issue in Joomla! from Joomla 1.5 up until 3.4.5 related to remote code execution. This was followed up with some longer term fixes in Joomla 3.4.7

21 December 2015[edit]

Read the Security Centre for details.
Download the Session Hardening Patch and manually apply per instructions.

Joomla! 1.5[edit]

Although Joomla! 1.5 has reached EOL(end of life), if there is a critical security issue with a fix it may be reported here.

Remote Code Execution[edit]

There is a security issue in Joomla! from Joomla 1.5 up until 3.4.5 related to remote code execution. This was followed up with some longer term fixes in Joomla 3.4.7

21 December 2015[edit]

Read the Security Centre for details.
Download the Session Hardening Patch and manually apply per instructions.

File Upload Security Patch[edit]

There is a security issue in all versions of Joomla! related to unauthorized file uploads.

Read the Issue Tracker Item for details.
Download the File Upload Security Patch and manually apply per instructions.

File Upload Security Patch Update Instructions:

Download & Unpack the security patch
Upload patch files via ftp directly to the root of your Joomla! installation, overwriting existing files.

Flash Uploader[edit]

The flash uploader has been removed from Joomla! 2.5 and Joomla! 3 for security reasons. 1.5 users should do the same and can do so first by removing the file and then by setting the option for it to off.

@@ Line 2: / Line 2: @@
 {{Warning|'''<translate><!--T:1-->
 Do not rely on all security issues being patched or reported for EOL (end of life) versions.</translate>'''}}
+{{Joomla version|version={{CurrentSTSVer|maintenance}}|comment=<translate><!--T:18-->
+is the current version</translate>}}
 <translate>
 <!--T:2-->
@@ Line 12: / Line 13: @@
 It is '''strongly recommended you update your websites''' to a supported Joomla! version ASAP.
 </translate>
+__NOTOC__
 <translate>
 == Joomla! 2.5== <!--T:4-->
 === Remote Code Execution ===
-There is a security issue in Joomla! from Joomla 1.5 up until 3.4.6 related to remote code execution.
+There is a security issue in Joomla! from Joomla 1.5 up until 3.4.5 related to remote code execution. This was followed up with some longer term fixes in Joomla 3.4.7
+</translate>
-<!--T:13-->
+<translate>
-* Read the [https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html Security Centre] for details.
+==== 21 December 2015 ==== <!--T:26-->
-* Download the [https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix25v1.zip Remote Code Execution Patch] and manually apply per instructions.
 </translate>
+<translate><!--T:20-->
+* Read the [https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html Security Centre] for details.
+* Download the [https://github.com/joomla/joomla-cms/releases/download/3.4.7/SessionHardening25v1.zip Session Hardening Patch] and manually apply per instructions.</translate>
 <translate>
-== Joomla! 1.5 == <!--T:5-->
+== Joomla! 1.5 == <!--T:22-->
-Although Joomla! 1.5 has reached EOL(end of life), if there is a critical security issue with a fix it may be reported here.
+</translate>
-</translate>
+<translate><!--T:23-->
+Although Joomla! 1.5 has reached EOL(end of life), if there is a critical security issue with a fix it may be reported here.</translate>
 <translate>
@@ Line 32: / Line 37: @@
 </translate>
 <translate><!--T:15-->
-There is a security issue in Joomla! from Joomla 1.5 up until 3.4.6 related to remote code execution.</translate>
+There is a security issue in Joomla! from Joomla 1.5 up until 3.4.5 related to remote code execution. This was followed up with some longer term fixes in Joomla 3.4.7</translate>
-<translate><!--T:16-->
+<translate>
-* Read the [https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html Security Centre] for details.</translate>
+==== 21 December 2015 ==== <!--T:27-->
-<translate><!--T:17-->
+</translate>
-* Download the [https://github.com/joomla/joomla-cms/releases/download/3.4.6/SessionFix15v2.zip Remote Code Execution Patch] and manually apply per instructions.</translate>
+<translate><!--T:24-->
+* Read the [https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html Security Centre] for details.</translate>
+<translate><!--T:25-->
+* Download the [https://github.com/joomla/joomla-cms/releases/download/3.4.7/SessionHardening15v1.zip Session Hardening Patch] and manually apply per instructions.</translate>
-<translate>===File Upload Security Patch=== <!--T:6--></translate>
+<translate>
+=== File Upload Security Patch === <!--T:6-->
+</translate>
 <translate><!--T:7-->
 There is a security issue in all versions of Joomla! related to unauthorized file uploads.
@@ Line 55: / Line 65: @@
 <translate>
 ==See also== <!--T:10-->
 ===Joomla! 1.5===

Difference between revisions of "Security hotfixes for Joomla EOL versions"

From Joomla! Documentation

Revision as of 17:07, 2 January 2016

Joomla! 2.5[edit]

Remote Code Execution[edit]

21 December 2015[edit]

Joomla! 1.5[edit]

Remote Code Execution[edit]

21 December 2015[edit]

File Upload Security Patch[edit]

Flash Uploader[edit]

See also[edit]

Joomla! 1.5[edit]

Joomla! 2.5[edit]

Joomla! 3.4[edit]