Critical security fixes available affecting all Joomla versions

Published by Vic Drover on

The Joomla project has announced fixes for an urgent Joomla security issue affecting version 1.5 and greater. These updates follow on from a similar security announcement in the Spring.

So if you maintain a Joomla site built that was built in the last six or seven years, you likely have an urgent security issue to fix. 

Read on for help fixing your specific version of Joomla. 

Backup first

Before proceeding, be sure to perform and test a backup of your full site — database and files — should you run into troubles updating.

Joomla 3

If you are running Joomla 3, simply login to the backend of your site and navigate to the Joomla updater at the following URL:


Once there, follow the on-screen instructions to perform the update. Be sure you are updating to at least Joomla 3.1.5, the most recent version at the time of this writing.

Note: There is not specific updater for the Joomla 3.0 series, so performing this update will automatically move you to the 3.1 series if you are not already there.

Of course, if you use Watchful to manage your portfolio of Joomla websites, you can update them all to version 3.1.5 with just a click or two.

Joomla 2.5

Like Joomla 3, you can update your Joomla 2.5 sites from either the backend of your site or from your Watchful Dashboard. 

Be sure you are updating to at least Joomla 2.5.14, the most recent version at the time of this writing.

Joomla 1.6 and 1.7

There is absolutely no support for these versions of Joomla.

No patches have been released to address the issue mentioned above and they each have a number of other important security issues that make these versions of Joomla a very large risk for use on production web sites.

Joomla 1.6/1.7 users should migrate their sites to Joomla 2 or Joomla 3 immediately.

Joomla 1.5

Joomla 1.5 reached it’s end of life in the Fall of 2012 and as such is no longer supported. However, patch files were released for Joomla 1.5 that could be applied manually by FTP. 

To make this patch easier for webmasters, our colleagues at Anything Digital (co-owners of Watchful) released a patch file that is applied through the standard joomla extension installer. 

Full details for this Joomla security update, including the free download can be found on the Anything Digital blog.

Joomla 1.0/Mambo

There are no security patches for these CMS versions to address the security issue described above. If you are still using Joomla 1.0 or Mambo, you should migrate immediately to Joomla 2 or Joomla 3. 

Release cycles and Joomla security

If all of these versions and releases are making your head spin, you are in good company! Many casual Joomla users are confused about Joomla’s version numbering and release cycle since it has changed often through Joomla’s history.

Recently however, Joomla has adopted an effective 2-year release cycle in which a “stable” version is supported for 2 years. For example, the next “stable” or Long Term Support release for Joomla 3 (incidentally, version 3.5) is scheduled for Q2 2014 and will be supported through Q2 2016 (and likely 6 months after that).

Once you understand the basics of the release cycle, it should be clear that urgent Joomla security issues are addressed by releasing new builds for all supported versions. As of this writing, the officially supported versions of Joomla are 2.5 and Joomla 3.1.

Categories: News


Leave a Reply

Avatar placeholder

Your email address will not be published.