Joomla! 4.2.8 is now available. This is a security release for the 4.x series of Joomla! which addresses a critical security vulnerability in the web services API. We strongly recommend that you update your sites immediately.
This release only contains the security fix; no other changes have been made compared to the Joomla! 4.2.7 release.
After the release, we strongly advise you to renew the passwords for all credentials that are stored in the global site configuration, namely:
The issue has been reported in a responsible disclosure process, there have been no signs of exploitation on public sites.
 - Core - Improper access check in webservice endpoints
On the Downloads site, of course :)
New installation instructions and technical requirements
We have tutorials to help you with Joomla 4. Creating a Plugin or a Module for Joomla 4, namespaces conventions, prepared statements, using the new web asset classes and many more.
We encourage developers to help write the documentation about Joomla 4 on docs.joomla.org to help and guide users and other extension developers.
A JDocs page will help developers to see the existing documentation, and the documentation still needed.
We invite you to check it regularly, update it and provide the missing content: https://docs.joomla.org/JDOC:Joomla_4_Tutorials_Project
Joomla 4.2 is Joomla’s latest major version.
Joomla 3.10 will continue to be supported with security fixes until 17th August 2023, giving you plenty of time to plan your migration to Joomla 4 and update your extensions (if required) to become Joomla 4 compatible versions.
As it is now more a year since the release of J4.0, you should be planning or in the process of migrating to the latest version of Joomla.
We provide resources to help with the migration on the documentation site.
Get the message out about the great new features using the hashtag #Joomla4 and #Joomla4All.
J4 Brochure: https://joom.la/J4brochure
J4 Documentation: https://docs.joomla.org/J4.x:Getting_Started_with_Joomla!
Do you need to make a website? For personal use, your work, a charity, not for profit. Perhaps a university, local government, then Joomla is for you.
A web agency needs a well-supported framework that can grow as your clients' needs grow. Then Joomla is for you.
Written by volunteers from every sector, it's used all over the internet for all kinds of projects: from blogs and intranets to national government sites. From small shops to world-leading brand sites, Joomla is capable of growing to fit your needs.
Joomla’s power comes from its ever-evolving code base, keeping up with best practices, but also from its large ecosystem of developers who see opportunities in the market and fill those gaps with good software designed to meet real-world needs.
Joomla 4.2.8 is the latest in a world-class CMS that allows you to start your website knowing it can grow with your needs and scale with your customers.
All this, and Joomla 4 is free to use and open-source software.
What are you waiting for? Install today and grow your future.
There are a variety of ways in which you can get actively involved with Joomla. It doesn't matter if you are a coder, an integrator, or a user of Joomla. You can contact any of our volunteer engagement team to get more information, or if you are ready, you can jump right into the Joomla! Bug Squad.
The Joomla! Bug Squad and the CMS Release Team are some of the most active teams in the CMS development process and are always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. A great way for increasing your working knowledge of the Joomla code base, and also a great way to meet new people from all around the world.
The Project also wants to thank all the contributors who have taken the time to prepare and submit work to be included in the Joomla CMS and Framework.
A Huge Thank You to Our Volunteers!
Joomla 4.2.8 is the result of thousands of hours of work by lots of volunteers.
A Huge Thank You goes out to everyone that contributed to this release!
If you are an extension developer, please make sure you subscribe to the general developer mailing list, where you can discuss extension development. News that may affect custom development will also be posted there from time to time.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.