How can we make it better?

How can we make it better?

The web has completely changed since its birth, 25 years ago. It has changed from a small niche group of users to a global user base in just a few years. Out have sprung the giants of Tech and the tools to produce and manage ever more content online. Over that time the ecosphere of web creation tools has changed. For example the advent of mobile phones has forced us to change the way we build our websites. Joomla has also had to evolve over the years to stay alive. Even a strong community and good quality code is not enough to keep your place in this competitive world. 

In 2014 I decided to help Joomla with the skills I had at hand. I became involved in many different projects. I got the chance to participate in several international meetings. Each of these meetings gave me the opportunity to get to know and exchange ideas with exceptional people from all over the world. Many have become my friends.

Today, I consider the Joomla community as my second family.

During these meetings, I have noticed the passion in the volunteers and the users to help our CMS progress. All of them are motivated by the same desire to see Joomla keep on growing thanks to the work of the enthusiastic teams and aided by its undeniable technical qualities.

As a result of this I tried to imagine how and what would significantly increase the number of Joomla users around the world.

Continue reading
  62 Hits
  0 Comments

Joomla 3.9.15 Release

Joomla 3.9.15 is now available. This is a security release for the 3.x series of Joomla which addresses three low security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.15?

Joomla 3.9.15 includes three security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

  • Low Priority - Core - CSRF in batch actions (affecting Joomla 3.0.0 through 3.9.14) More information »
  • Low Priority - Core - CSRF com_templates LESS compiler (affecting Joomla 3.0.0 through 3.9.14) More information »
  • Low Priority - Core - XSS in com_actionlogs (affecting Joomla 3.9.0 through 3.9.14) More information »

Bug fixes and Improvements

  • Beez Template: Fix the consent field modal #23205
  • Action Log emails: Use of absolute URLs #27432
  • TinyMCE fixes: #27498 #27519
  • User email addresses: Case insensitive management #24117
  • Prevent library extensions to overwrite core files #27300

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.15 release.

Continue reading

Copyright

© Joomla.org

  76 Hits
  0 Comments

Joomla 3.9.14 Release

Joomla 3.9.14 is now available. This is a security fix release for the 3.x series of Joomla which addresses two security vulnerabilities and contains over 35 bug fixes and improvements.

What's in 3.9.14?

Joomla 3.9.14 includes two security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - Path Disclosure in framework files (affecting Joomla 3.8.0 through 3.9.13) More information »
  • Low Priority - Core - Various SQL injections through configuration parameters (affecting Joomla 2.5.0 through 3.9.13) More information »

Bug fixes and Improvements

  • Improve PHP 7.4 compatibility #27190 #27219 
  • Fix incorrect id generated for input fields in repetable subform #27081
  • Fix Sample Data Learn #27100 #27101 #27102
  • Allow JSON Document caching #27161
  • Avoid errors when Joomla! gets outdated #27197
  • Show full video filename and preview icon in Media Manager #27230

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.14 release.

Continue reading

Copyright

© Joomla.org

  171 Hits
  0 Comments

JoomlaShack Conference Videos Now Available

js-conference-2019
 A few weeks ago was the JoomlaShack Conference.  This 3-day online event featured speakers from around the world.  The JoomlaShack team led by Steve Burge, worked with presenters to provide Joomlers with tips and tricks to help them on their Joomla Journey.  As if planning and moderating were not enough, they hav...
Continue reading
  239 Hits
  0 Comments

Pizza Bugs and Fun October 2019 was a roaring success!

Saturday the 19th october 2019 saw Pizza, Bugs and Fun sessions all around the world.  It was amazing, truly amazing!

25 countries were present for this edition, starting with our Australian friends and ending on the American West Coast with Asia, Africa, Europe filling in the middle of the day. Hundreds of Joomlers worked together with one single goal: Make Joomla 4 our best version yet!

More Joomlers than we can count joined together to smash bugs, eat pizzas and have a truly fun time together. It was really a fantastic success, as you can see from the statistics below.

With over 230 people from 25 countries, 250 pull request tests, 2000 documentation changes, 54 merged PR and around 50 found bugs, it was a huge success.

The board is very proud of the hard work done by the Global Community and would like to wholeheartedly thank all involved. The commitment was outstanding and the work done has been priceless in helping our Production Department to take a big leap forward towards releasing the first Beta of Joomla 4.

Continue reading
  167 Hits
  0 Comments

Joomla 3.9.13 Release

Joomla 3.9.13 is now available. This is a security fix release for the 3.x series of Joomla which addresses two security vulnerabilities and contains over 15 bug fixes and improvements.

What's in 3.9.13?

Joomla 3.9.13 includes two security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - CSRF in com_template overrides view (affecting Joomla 3.2.0 through 3.9.12) More information »
  • Low Priority - Core - Path Disclosure in phpuft8 mapping files (affecting Joomla 3.6.0 through 3.9.12) More information »

Bug fixes and Improvements

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.13 release.

Continue reading

Copyright

© Joomla.org

  364 Hits
  0 Comments

Joomla 3.9.12 Release

Joomla 3.9.12 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 30 bug fixes and improvements.

What's in 3.9.12?

Joomla 3.9.12 includes one security vulnerability fix and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - XSS in logo parameter of default templates (affecting Joomla 3.0.0 through 3.9.11) More information »

Bug fixes and Improvements

  • Fix for minyear and maxyear in the calendar #26119
  • Handle Google Font weights and styles in Protostar #25976
  • Fix user session on mssql server #23213
  • Protect SQL servers by adding pause mechanism to cli finder indexer #13502
  • Fix Imagelist custom field default image #26352

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.12 release.

Continue reading

Copyright

© Joomla.org

  493 Hits
  0 Comments

Joomla 3.9.11 Release

joomla-3911-sr
Joomla 3.9.11 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 25 bug fixes and improvements.What's in 3.9.11?Joomla 3.9.11 includes one security vulnerability fix and several bugs and improvements, including:Security Issues FixedLow Priority - Core - Hardenin...
Continue reading
  541 Hits
  0 Comments

Important Information Regarding JWC 2019

jwc19
 After a year without a JWC in 2018, the board were eager to bring together the Joomla! Community with a World Conference in 2019. London was chosen as a venue and the dates were announced for November 2019.Planning for this event was at an advanced stage and tickets were being sold. Then the deadline for Brexit was extended to 31st October 20...
Continue reading
  484 Hits
  0 Comments

Joomla 3.9.10 Release

Joomla 3.9.10 is now available. This is a bug fix release for the 3.x series of Joomla which addresses one bug introduced into 3.9.9, affecting template styles of multilingual web sites.

What's in 3.9.10?

Joomla 3.9.10 is fixing one bug introduced into Joomla 3.9.9 which affects the template styles of multilingual sites and results in lost data.

Please read this JDocs FAQ page to learn more about this issue and its fix.

IMPORTANT information for users who have already updated to 3.9.9 and faced this issue.
Due to a bad sql update, the template style mapping to content languages has been lost. Unfortunately, this is an unrecoverable error.
You must either:

  • Restore the data manually by upgrading to Joomla 3.9.10 and then manually editing each template style and using the "Default" Field to the language required 
  • Or restore a 3.9.8 backup of your sites to recover the data before updating to Joomla 3.9.10.


We would like to take a moment to apologise to our users. 
Whilst we understand that a release which introduces a major bug is always serious - in this case the bug involved actual data lost from sites. This is a red line for us. We are going to go away and look at how we can improve our release and testing strategies and report back to our users when this is complete, detailing how we aim to improve in the future.

Continue reading

Copyright

© Joomla.org

  524 Hits
  0 Comments

Joomla 3.9.9 Release

Joomla 3.9.9 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 30 bug fixes and improvements.

What's in 3.9.9?

Joomla 3.9.9 includes one security vulnerability fix and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - Filter attribute in subform fields allows remote code execution (affecting Joomla 3.9.7 through 3.9.8) More information »

Bug fixes and Improvements

  • Repeatable Custom Fields: fix to keep HTML tags #25189
  • Media Manager: Modal layout improved #22475
  • Voting: Cache cleaned after voting #25201
  • Article ordering: Items grouped by category first #25295
  • Batch system: Improvements for Contact and Newsfeed #25259

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.9 release.

Continue reading

Copyright

© Joomla.org

  518 Hits
  0 Comments

The Single Sign On, Identity and Consent Management on Joomla.org

Privacy Laws like GDPR introduced several new requirements that changed the way we think the data management and the pathway to the privacy compliance.

Read More ...

  446 Hits
  0 Comments

Joomla 3.9.8 Release

Joomla 3.9.8 is now available. This is a bug fix release for the 3.x series of Joomla which addresses one bug introduced into 3.9.7 which affects web sites using the French Help Server.

What's in 3.9.8?

Joomla 3.9.8 is fixing one bug introduced into Joomla 3.9.7, due to the removal of the French Help Server.

Visit GitHub for more information about this issue.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.8 release.

Copyright

© Joomla.org

  458 Hits
  0 Comments

Joomla 3.9.7 Release

Joomla 3.9.7 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 40 bug fixes and improvements.

What's in 3.9.7?

Joomla 3.9.7 includes three security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - CSV injection in com_actionlogs (affecting Joomla 3.9.0 through 3.9.6) More information »
  • Low Priority - Core - XSS in subform field (affecting Joomla 3.6.0 through 3.9.6) More information »
  • Low Priority - Core - ACL hardening of com_joomlaupdate (affecting Joomla 3.8.13 through 3.9.6) More information »

Bug fixes and Improvements

  • Batch system: Copy permissions of modules #24737 and categories #24730
  • Progessive cache improvements #20310
  • Fix to avoid duplicated custom fields in com_content #24516
  • RTL improvements #23107 #24722
  • Removal of the unofficial French Help Server #24927
  • TinyMCE improvements: #24978 #25037
  • RSS: Fix to display the right category #24932
  • Media Manager: Fix directory traversal for symlinked folders #24924
  • User registration: Correct http schema used #24089

Visit GitHub for the full list of bug fixes.

Note to users using the French Help Server: Please do not update to 3.9.7 and wait for 3.9.8

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.7 release.

Continue reading

Copyright

© Joomla.org

  480 Hits
  0 Comments

Joomla 3.9.6 Release

joomla-396
 Joomla 3.9.6 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 25 bug fixes and improvements.What's in 3.9.6?Joomla 3.9.6 includes one security vulnerability fix and several bugs and improvements, including:Security Issues FixedLow Priority - Core - XSS i...
Continue reading

Copyright

© Joomla.org

  505 Hits
  0 Comments

Joomla 3.9.5 Release

Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.5?

Joomla 3.9.5 includes three security vulnerabilities fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4) More information »
  • High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4) More information »
  • Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4) More information »

Bug fixes and Improvements

  • User Password: Add minimum lowercase rule for password validation #24230
  • Associations tab: Fix wrong behaviour of Indonesian language #24244
  • Debug language: Fix User Actions Log Manager #24178
  • New installation language: Kazakh #24233
  • Google Authenticator plugin (2FA): QR-code generator implemented #24255

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.5 release.

Continue reading

Copyright

© Joomla.org

  603 Hits
  0 Comments

Kazakh Language Pack Added to Joomla! 3.9

Kazakh joins the officially released language packs for Joomla!, an award-winning Content Management System (CMS).

Read More ...

  563 Hits
  0 Comments

Because Open Source Matters … and Domains too!

It’s an exciting day for The Joomla Project and BRANDIT! 
As the consolidation and packaging of web services move forward, we are happy to announce the official launch of our domains platform (powered by BRANDIT), domains.joomla.org.

Every website starts with a domain name, and by offering domains directly from Joomla.org, our users gain a new way to help build their online presence whilst helping the project financially.  

Domains.joomla.org is a full domain registry service that gives Joomla a direct connection to TLD’s and Registrars. 
This partnership opens up new opportunities for sponsorship and special offers to the Joomla Community.  
As we launch the platform, two registrars have already sponsored several JoomlaDays, and BRANDIT has become a Platinum Sponsor of the Joomla Project.

Whether you are looking for a new domain name or to transfer your existing domain portfolio, domains.joomla.org is the perfect platform. Offering you a wide range of TLDs alongside a robust and intuitive industry leading control panel for domain management.  

It is that simple, get started today, together Joomla and BRANDIT make your domains feel at home!

Benefit from the special Offers for the launch!

.com

9.99€ for the first year and transfers

.club

0,99€ for the first year

.at

9.99€ for the first year

Copyright

© Joomla.org

  544 Hits
  0 Comments

Joomla 3.9.4 Release

Joomla 3.9.4 is now available. This is a security fix release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.

What's in 3.9.4?

Joomla 3.9.4 includes 4 security vulnerabilities fixes and several bugs and improvements, including:

Security Issues Fixed

  • High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3) More information »
  • Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3) More information »
  • Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3) More information »
  • Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3) More information »

Bug fixes and Improvements

  • User Terms (#23787) and Privacy Consent (#23660) plugins: Layouts for the label and message added
  • Featured articles: Page subheading added #23583
  • Custom formfield layout paths simplified #22645
  • Com_contact: Contact name field moved out of the Contact Information block #23563
  • Custom module: Improvement of the frontend editing #23741
  • Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.4 release.

Continue reading

Copyright

© Joomla.org

  590 Hits
  0 Comments

A Statement on the Recent Report by Check Point

A report by Check Point Research has been brought to our attention relating to a security vulnerability that was patched back in December 2015. This report has also been picked up by Threat Post.

Both reports contain a great deal of inaccuracies and intimate that the vulnerability detailed is a current one. 
This statement serves to clarify the facts surrounding this issue. Furthermore we would like to assure our user base that, much as these posts attempt to state that this is a current issue, the truth of the matter is far from that.

With this in mind, we would like to clarify a few points:

  • There is no current security issue with the JMail class.
  • The underlying issue, used to create and store the backdoor, is a PHP issue rather than a Joomla issue.
  • A successful attack is only possible with severely outdated PHP and Joomla versions that are more than 3 years out of date (PHP versions 5.4.45, 5.5.29, 5.6.13 and all higher versions are patched for this vulnerability). Please see our recent article about the importance of keeping your sites up to date here.
  • A mitigation for Joomla 1.5, 2.5 and 3 was released more than 3 years ago in December 2015. Patches for EOL versions were released alongside the Joomla 3.4.7 release. Patches for the other Joomla versions are still available here. The Joomla Project also distributed WAF rules to many shared hosting providers at the time of discovery to protect against common exploits of this vulnerability.
  • The file mentioned in Check Point's report is not a Joomla core file, it's a copy of the original class used by the attacker to obfuscate a backdoor.
  • The file does not "override" the core JMail class.

More information on the exploit

The pattern described by Check Point is a classic one - where an attacker exploits a well-known security issue. The issue is over 3 years old and stems from a security issue found in PHP, rather than the Joomla core.  More information on this issue can be found here:

By exploiting this issue an attacker can embed a backdoor in site, which can be used for malicious activity. In order to make detection as hard as possible, attackers often use copies of real application files (in this case a copy of Joomla's mailing class) to embed their exploit code. Those copies will never be used in normal application execution, so there's no "override" as claimed in the report, they simply used the file to obfuscate the actual backdoor.

Tags:

Copyright

© Joomla.org

  549 Hits
  0 Comments
Ask JUGCN!