Joomla 4.2.8 Security Release

Joomla! 4.2.8 is now available. This is a security release for the 4.x series of Joomla! which addresses a critical security vulnerability in the web services API. We strongly recommend that you update your sites immediately.

This release only contains the security fix; no other changes have been made compared to the Joomla! 4.2.7 release.
After the release, we strongly advise you to renew the passwords for all credentials that are stored in the global site configuration, namely:

database SMTP Redis HTTP proxy

The issue has been reported in a responsible disclosure process, there have been no signs of exploitation on public sites.

Security issue fixed with 4.2.8

[20230201] - Core - Improper access check in webservice endpoints
More Information

Where can I download Joomla 4.2.8?

On the Downloads site, of course :)

Continue reading

Copyright

© Joomla.org

  313 Hits

The December Issue

The December Issue

The JCM Team is proud to present you the December Issue of the Joomla! Community Magazine.

This month’s edition features:

An article from Philip Walton about the recent Joomla market share trends. Nicholas Dionysopoulos explained how to upgrade to PHP 8.x. Marc Dechèvre shared a case study on a multilingual website with multiple domains. Daniel Dubois published the third episode on how to use Joomla for business. Philip Walton wrote an article on the Search system. Hans van der Meer published a piece on the challenges of Joomla's social media managers. Philip Walton published an article on Playbooks and other powerful features of Mattermost. Anja de Crom wrote an article on how to act when you disagree with a JCM article. Hans van der Meer interviewed the Forum Team as part of the Meet a Team series. Abu Huraira published an article on Quix, as part of the Page Builders series. Louise Hawkins wrote an article on Google Analytics reports and custom events. Anja de Crom shared the marketing initiative to collect festive wishes from Joomlers. The Editors of the JCM shared the highlights of the magazine for 2022.

This release wouldn't have been possible without the work of the Community Magazine Team, all the authors and all the people who allowed us to interview them.

On behalf of the JCM Team, we also would like to take this opportunity to celebrate the birthday of our Team Lead and Co-Editor Anja de Crom! Happy birthday!

Continue reading

Copyright

© Joomla.org

  477 Hits

Joomla Community Magazine highlights of 2022

Joomla Community Magazine highlights of 2022

As 2022 comes to an end, it’s time to reflect on what happened in the Joomla Community Magazine in the past twelve months. Team members Luca Marzo, Anja de Crom, Hans van der Meer and Phil Walton look back on the past year and forward to the next.

If you could pick just one favorite article from 2022, what would it be?

Luca: My favorite article is not just one, but a series: Joomla Performance Tuning series by Nicholas Dionysopoulos. He wrote five episodes on how to get the most performance out of a Joomla 4 website. 

Anja: definitely 17 Joomlers share 17 Joomla 4 websites. For this one we asked Joomlers to share the Joomla 4 sites they’re most proud of, and this resulted in an article that shows a very broad spectrum of Joomla websites. This article was so much fun to put together!

Hans: as an author I definitely have to say the interview with Julian White. We had a nice mail conversation back and forth and he had a lot to share in this interview.

Continue reading

Copyright

© Joomla.org

  450 Hits

Send Joomla your holiday wishes!

Send Joomla your holiday wishes!

1 minute reading time (244 words)

This time of the year means holiday season in the Joomniverse! Whatever holiday you’re celebrating, we’d love it if you share the holiday happiness with us, your fellow Joomlers from around the corner or the other side of the globe. Check out how you can do this in a few simple steps (yes, we love tutorials at the JCM)!

Step 1

Put on your nicest clothes.

Step 2

Download Joomla’s special holiday PDF here: https://community.joomla.org/blogs/community/happy-holidays-2022.html

Continue reading

Copyright

© Joomla.org

  419 Hits

Google Analytics GA4 Reporting...

Google Analytics GA4 Reporting...

Last month we looked at GA4 events and how GA4 collects data. This month we're going to look at how GA4 reports data, the standard reports and how we can customise those reports…

Standard GA4 Reports…

You can access the GA4 reports simply by clicking the Reports Icon on the left-hand side. This will display a menu of available reports, including a Reports snapshot, a Realtime report and many predefined reports.

 

Here is a quick summary of the types of available reports.

Continue reading

Copyright

© Joomla.org

  220 Hits

The November Issue

The November Issue

The JCM Team is proud to present you the November Issue of the Joomla! Community Magazine.

This month’s edition features:

An interview to Joomla extensions developers about their J4 experience by Hans van der Meer. Hans interviewed the Joomla Experience Team as part of the Meet a Team series. The second episode of the Using Joomla in your Business series by Daniel Dubois. An interview to Andrew Barber as part of the Meet a Joomler series by Hans van der Meer. Anja de Crom interviewed Daniel Dubois regarding his TemplateJoomla project. Angie Radtke explained How the Accessibility Team works. SD Williams presented the ways to contribute to Joomla 4.3 release.  Michael Russell wrote an article about PHP 7 approaching its End Of Life. Louise Hawkins wrote an article about Google Analytics 4 Events. Philip Walton introduced the move from RingCentral to Mattermost for the Joomla community communication. Peter Martin explained how his Joomla 4 website got hacked. Crystal Dionysopoulos shared a follow up of the Joomla Out of the Box challenge. Philip Walton explained how to contribute to Joomla through Documentation.

This release wouldn't have been possible without the work of the Community Magazine Team, all the authors and all the people who allowed us to interview them.

Thanks to all those who participated.

Continue reading

Copyright

© Joomla.org

  402 Hits

How you can help Joomla 4.3 forward

How you can help Joomla 4.3 forward

Here in the United States, the month of November brings with it thoughts of thankfulness and a spirit of giving. With that in mind, Olivier Buisard and I wanted to share a word of thanks.

Continue reading

Copyright

© Joomla.org

  449 Hits

GA4 Events and More!

GA4 Events and More!

Last month we looked into the setup of GA4; this article will do a quick recap on the way GA4 collects data and a deep dive into GA4 events.

How GA4 Data Differs From UA Data

Described by Google as the future of measurement, GA4 collects website and app data to understand the customer journey better and predict user behaviour. GA4 uses different logic in terms of data collection and structure.

Continue reading

Copyright

© Joomla.org

  403 Hits

TemplateJoomla: your resource for Joomla 4 templates

TemplateJoomla: your resource for Joomla 4 templates

When you ask people why they haven’t migrated their Joomla 3 site to Joomla 4 yet, often the answer is that they’re hesitant because they haven’t found a template to replace their J3 one.

If you don’t want to dive into Joomla’s core template Cassiopeia and are looking for a beautiful template for your Joomla 4 website, TemplateJoomla makes it very easy for you. JCM interviews Daniel Dubois, the creator behind it.

Before we start talking about TemplateJoomla, could you tell us a little about yourself? 

Hello everyone. I’m Daniel, a French webmaster based in Brittany (France) and working exclusively with Joomla since 2014, when I created my business as site builder. 

My Joomla profiles are here: 

Continue reading

Copyright

© Joomla.org

  386 Hits

Document Buddies - making Joomla better without writing a line of code

Document Buddies - making Joomla better without writing a line of code

Many things are attributed to Albert Einstein which probably never left his mouth, but one that seems to stick is:

If you can't explain it simply, you don't understand it well enough.

When this is applied to explaining new ideas to people, the new feature you want to get into the Joomla core, simplicity is often a good place to start.

But simplicity is a tough thing to achieve. When looking at great design, code, and inventions, there will be a graveyard of discarded ideas, lines and prototypes on which it is built.

There is a huge amount of craft that takes the fledgling idea and transforms it from a crude idea into a well thought out finished feature.
Once you have honed that new must-have idea, next is the problem of testing, writing it up and describing the use cases.

Continue reading

Copyright

© Joomla.org

  392 Hits

Meet the Team: Joomla Experience Team

Meet the Team: Joomla Experience Team

While our beloved Joomla CMS is of high quality there are always things to improve. This can be because of changes in how the internet looks at things or just that something works better another way. The Joomla Experience Team is working on this. But I will let them explain it much better than I can in the following team interview.

Continue reading

Copyright

© Joomla.org

  389 Hits

The October Issue

The October Issue

The JCM Team is proud to present you the October Issue of the Joomla! Community Magazine.

This month’s edition features:

  • an article about the Joomla 4.2 Multi-Factor Authentication by Philip Walton
  • an article presenting features of Joomla 4.2: Keyboard shortcuts, User-defined columns by Philip Walton.
  • a tutorial on how to add PDF files to your articles by Anja de Crom.
  • a tutorial on how to create a reading progress bar for your articles by Michael Russell.
  • a tutorial on how to migrate to Google Analytics 4 from Philip Walton and Louise Hawkins.
  • an article presenting the testing tools used by Joomla written by Hannes Papenberg.
  • a recap about the recent JoomlaDay DACH from Florian Bauer.
  • an article about the importance to logout from a website by Michael Russell.
  • the plan of quarterly goals for the Production Department by Philip Walton.
  • the first article of a series on how to use Joomla for your Business by Daniel Dubois.
  • an interview to Stefanie Thielmann by Hans van der Meer, as part of the Meet a Joomler series.

This release wouldn't have been possible without the work of the Community Magazine Team, all the authors and all the people who allowed us to interview them.

Thanks to all those who participated.

Continue reading

Copyright

© Joomla.org

  419 Hits

Explore the Core: Easily embed PDFs in your Joomla content

Explore the Core: Easily embed PDFs in your Joomla content

You probably know how to place images, maybe even videos in your Joomla articles. But did you know you can add PDFs that your visitors can read without having to open or download them first? It's super easy! And the good part: you don't even have to install an extension to do it. The functionality is built right into the Joomla 4 core. Here's how you do it.

Your first step is to create an article, or open the article that will have the PDF in it. Determine where you want it to show and put your cursor there.

In the editor (I use the built-in editor, TinyMCE), on the left above the content area, there's a nice button called CMS Content. If you click it, you see a list of things you can add. Pick Media.

The Media pop-up opens. Click the Upload button in the top left corner to upload a file from your computer.

Continue reading

Copyright

© Joomla.org

  440 Hits

But I really do need Google Analytics 4, show me how to add it.

But I really do need Google Analytics 4, show me how to add it.

In my previous article: “As Googles Universal Analytics comes to a close, what alternatives if any do you need?” we explored Google Analytics' origin story. Took a look at whether Analytics is even right for all sites, and the impact just adding Analytics defacto can have.

And we touched on one of the alternatives out there.

Join me now in a deep dive into the setup of GA4

So reading the last article didn't persuade you otherwise? Then https://marketingplatform.google.com/about/ is the place for you to start the dive into GA4.

Continue reading

Copyright

© Joomla.org

  329 Hits

Google Summer of Code 2022: Joomla did it for the 14th time!

Google Summer of Code 2022: Joomla did it for the 14th time!

Joomla did it for the 14th time! We are proud to announce that our application as a mentoring organisation for the 2022 Google Summer of Code™ program (GSoC) has been accepted with our individual entry here!

With a lot of things changed for this year's Google Summer of Code, Joomla is excited to welcome a bigger audience than ever before. This year, contributors are not confined to college students, the eligibility criteria have been opened right up.

We have also been onboarding External Mentors for the first time ever. Joomla can learn from their different skills and mindset, their perspective from outside the organisation.

Joomla would like to thank all our mentors who have pledged to give their time and expertise to help make this GSoC the best ever.

Continue reading

Copyright

© Joomla.org

  865 Hits

Meet the Joomla User Groups Team

Meet the Joomla User Groups Team

Did you ever feel like you’re the only Joomla user in the village, and wish you could meet Joomlers in your neighborhood? You might join a Joomla User Group, and if there isn’t one where you live, create one. Joomla has people who can help you find, run or create a Joomla User Group. They’re called - you could have guessed it - the Joomla User Groups Team, and they’re here for you. This month the JCM has the pleasure to meet four of them!

What is the team’s main goal?

Todd Woodward: We want to encourage and support existing Joomla User Groups, and foster the creation of new JUGs.  

Ahmad Moussa: We want to encourage and support all existing and new local Joomla User Groups that are being organized by the community to meet Joomla users in real life to share Joomla knowledge. We are also planning to create and support a new directory for online Joomla Users Groups which can help Joomlers to meet online from anywhere and anytime without any constraints as many organizers and Joomlers couldn’t attend face to face or in-person meetings due to Covid-19 pandemic.

What is your place in Joomla’s ecosphere?

Todd: I can't speak for the rest of the team, but the JUGs are the grassroots. They are where people can meetup, learn from others about Joomla, and brainstorm possible ways to create Joomla sites. We want to foster that active participation and, hopefully, make members of these JUGs future team members and project volunteers.

Continue reading

Copyright

© Joomla.org

  910 Hits

Joomla! is the Best Free CMS and Best Open Source CMS by 2021 CMS Critic Awards

While Joomla has made it a habit to win one of the key CMS Critic awards in years gone by, this year, we’ve doubled up and won two awards!

In December 2021, everyone was invited to nominate their favourite platform across a set of categories, with the top three nominees being selected and featured for general voting.

On March 29th 2022, CMS Critic announced that Joomla! won Best Free CMS and Best Open Source CMS.

Here is what the CMS Critic People’s Choice Awards had to say about Joomla winning the awards:

‘Best Free CMS: Joomla’

Continue reading

Copyright

© Joomla.org

  918 Hits

Joomla 4.1.2 and 3.10.8 Release

Joomla 4.1.2 & 3.10.8 is now available. This is a security release for both the 4.x and the 3.x series of Joomla which address a few security vulnerabilities and contains various bug fixes and improvements.

What's in 4.1.2?

Joomla 4.1.2 includes all security patches from 4.1.1 except 20220303 that has been reverted due to implementation issues.

Security Issues Fixed with 4.1.1

[20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220307] Low Severity - Moderate Impact - Variable Tampering on JInput $_REQUEST data (affecting Joomla! 4.0.0 through 4.1.0) More information [20220308] Low Severity - Moderate Impact - Inadequate content filtering within the filter code  (affecting Joomla! 4.0.0 through 4.1.0) More information [20220309] Low Severity - Moderate Impact - XSS attack vector through SVG (affecting Joomla! 4.0.0 through 4.1.0) More information

Bug fixes and Improvements

Fix language strings behaviour in TinyMCE Fix switch for syntax highlighting in TinyMCE Show failed tasks in scheduler Correct usage of Jooa11y parameters Codemirror enhancements Several 8.x PHP fixes

Visit GitHub for the full list of bug fixes.

What’s in 3.10.8?

Joomla 3.10.8 includes all security patches from 3.10.7 except 20220303 that has been reverted due to implementation issues:

Security Issues Fixed with 3.10.7

[20220301] Low Severity - Moderate Impact - Zip Slip within the Tar extractor (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220302] Low Severity - Low Impact - Path Disclosure within filesystem error messages (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220304] Low Severity - Moderate Impact - Missing input validation within com_fields class inputs (affecting Joomla! 3.7.0 through 3.10.6) More information [20220305] Low Severity - High Impact - Inadequate filtering on the selected Ids (affecting Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0) More information [20220306] Low Severity - Low Impact - Inadequate validation of internal URLs  (affecting Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0) More information

Bug fixes and Improvements with 3.10.7

Visit GitHub for the full list of bug fixes.

Continue reading

Copyright

© Joomla.org

  761 Hits

The March Issue

The March Issue

March

The JCM Team is proud to present you the March Issue of the Joomla! Community Magazine.

This month’s edition features:

Nicholas Dionysopoulos published the 4th part of the Joomla 4 Performance series: Site Building Calisthenics. An article about the new Accessibility Add-ons included in Joomla 4.1 by Viviana Menzel A presentation fo the brand new Joomla! Task Scheduler added to Joomla 4.1 by Brendan Hedges A double interview with Benjamin Trenkle and Harald Leither, recently elected as Department Coordinators. An article about Balbooa Gridbox as part of the Page Builder series, by Kuba Jurkiewicz. Anja de Crom interviewed the Joomla Documentation Team as part of the Meet a Team series. Søren Beck Jensen interviewed Roland Dalmulder as part of the Meet a Joomler series. Marc Dechèvre published an article on Customizing Joomla 4's Smart Search Results Pages. Søren Beck Jensen interviewed some members of the Joomla Forum Team. Astrid Günther shared a piece about the meaning of being part of a global community. Philip Walton wrote a Call for Volunteers to repopulate the Social Media Team.
Continue reading

Copyright

© Joomla.org

  786 Hits

What does it mean for me to be part of a global community, specifically the Joomla community?

What does it mean for me to be part of a global community, specifically the Joomla community?

I recently had an interesting conversation with my daughter. She couldn't believe I grew up in a house without a telephone. We got a phone when I was 13 years old. But the reason for getting it was primarily to keep in touch with my grandma. Just calling a friend was expensive at that time. Who you spent your free time with was determined by who lived nearby. Today, I enjoy not limiting my activities primarily to people in my local area. On the Internet, I can easily communicate with people who share my interests.

The question here is what it means to be part of a global community. It's hard for me to draw the line between when you are part of a community. Just like in any group, there are subgroups and different opinions. Who belongs to the community and who does not? Which is the right opinion? Since the initial question currently engaged me I felt targeted and so this text came about.

Working together with like-minded people

Active in the Joomla community, I was able to have a very interesting experience. I was a mentor in a Google Summer of Code project. The Indian student who worked on our team was the same age as my daughter. When it comes to your own family, you are often biased. Working with the student gave me a distancing insight into the world of someone just starting out in their professional life. I also became aware of the similarities between student life in Germany and India, and what is different in the other country. On the day when my biggest concern was to fix my daughter's favorite jeans properly, our student complained that his parents went to their country house a few days earlier than him and he was going to be alone in the city and had to cook his own food. As an aside, we didn't just work on the actual issue. We also discussed questions like "Someone asked me if I would like to work for them. I would like to earn money. But I'm not sure if I can finish my studies well in this case." Of course, such questions must be discussed primarily with parents and friends. But an opinion from more experienced people in the same field from another country is undoubtedly a valuable enrichment if you want to work internationally. And to get this opinion, participation in an international open source project is an ideal starting point.

Members appear and disappear

In the Joomla community there are many local groups: the Joomla User Groups or JUG's. Getting to know like minded people nearby is possible in many areas. I like this.
But: you never get to know other community members in person. I often wonder what happened to Joomers who were active for a while and then suddenly stopped. I was often surprised about my feelings when I heard stories of others I never knew personally. Also in conversations with other open source contributors I have noticed that one develops a relationship with people with whom one communicates only virtually. I wouldn't have thought that was possible 20 years ago. Last year, an active participant in a local Joomla forum suddenly stopped posting. I looked at her recent posts because I suspected a disagreement/conflict. Another user investigated further and found a death notice. As he published it, other posts made it clear that a large number of forum participants were very affected/concerned, even though they didn't know each other personally.

Continue reading

Copyright

© Joomla.org

  682 Hits