Joomla! has released a critical security update for its Content Management System (CMS) software to address multiple vulnerabilities. Joomla! states that the exploitation of these vulnerabilities may allow a remote attacker to take control of an affected website. Joomla! also urges users and administrators to update their sites with immediate effect.
New Version Released
The new version of Joomla! released as a security update for Joomla! 3.x is version 3.6.5.
The following vulnerabilities have been addressed of Joomla!
- High Priority - Core - Elevated Privileges (affecting Joomla! 1.6.0 through 3.6.4)
- Low Priority - Core - Shell Upload (affecting Joomla! 3.0.0 through 3.6.4)
- Low Priority - Core - Information Disclosure (affecting Joomla! 3.0.0 through 3.6.4)
- Security Hardening
Recommended Course of Action
- If Joomla! is being installed for the first time, it is recommended that users and administrators install version 3.6.5 (or newer). The link to download Joomla! 3.6.5 (new installation) is https://github.com/joomla/joomla-cms/releases/download/3.6.5/Joomla_3.6.5-Stable-Full_Package.zip , with instructions available at https://docs.joomla.org/J3.x:Installing_Joomla.
- It is recommended that users and administrators upgrade their current version of Joomla! to version 3.6.5. The link to download an upgrade to Joomla! (to version 3.6.5) is hhttps://github.com/joomla/joomla-cms/releases/tag/3.6.5 , with update instructions available at https://docs.joomla.org/J3.x:Updating_from_an_existing_version.
The Joomla! bulletin detailing this security update is available on page https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
It is recommended that users and administrators read the FAQ regarding the 3.6.5 release on page https://docs.joomla.org/Category:Version_3.6.5_FAQ.