Joomla! has released a critical security update for its Content Management System (CMS) software to address multiple vulnerabilities. Joomla! states that the exploitation of these vulnerabilities may allow a remote attacker to take control of an affected website. Joomla! also urges users and administrators to update their sites with immediate effect.
New Version Released
The new version of Joomla! released as a security update for Joomla! 3.x is version 3.6.4.
The following vulnerabilities have been addressed of Joomla!
- High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3)
- High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3)
- High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3)
Recommended Course of Action
If Joomla! is being installed for the first time, it is recommended that users and administrators install version 3.6.4 (or newer). The link to download Joomla! 3.6.4 (new installation) is https://github.com/joomla/joomla-cms/releases/download/3.6.4/Joomla_3.6.4-Stable-Full_Package.zip , with instructions available at https://docs.joomla.org/J3.x:Installing_Joomla.
It is recommended that users and administrators upgrade their current version of Joomla! to version 3.6.4. The link to download an upgrade to Joomla! (to version 3.6.4) is https://github.com/joomla/joomla-cms/releases/tag/3.6.4 , with update instructions available at https://docs.joomla.org/J3.x:Updating_from_an_existing_version .
The Joomla! bulletin detailing this security update is available on page https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html . It is recommended that users and administrators read the FAQ regarding the 3.6.4 release on page https://docs.joomla.org/Category:Version_3.6.4_FAQ .