Joomla! Releases Security Update for its CMS

Joomla! has released a critical security update for its Content Management System (CMS) software to address multiple vulnerabilities. Joomla! states that the exploitation of these vulnerabilities may allow a remote attacker to take control of an affected website. Joomla! also urges users and administrators to update their sites with immediate effect.

New Version Released

The new version of Joomla! released as a security update for Joomla! 3.x is version 3.6.4.

Vulnerabilities Addressed

The following vulnerabilities have been addressed of Joomla!

  • High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3)
  • High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3)
  • High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3)

Recommended Course of Action

If Joomla! is being installed for the first time, it is recommended that users and administrators install version 3.6.4 (or newer). The link to download Joomla! 3.6.4 (new installation) is https://github.com/joomla/joomla-cms/releases/download/3.6.4/Joomla_3.6.4-Stable-Full_Package.zip , with instructions available at https://docs.joomla.org/J3.x:Installing_Joomla.

It is recommended that users and administrators upgrade their current version of Joomla! to version 3.6.4. The link to download an upgrade to Joomla! (to version 3.6.4) is https://github.com/joomla/joomla-cms/releases/tag/3.6.4   , with update instructions available at https://docs.joomla.org/J3.x:Updating_from_an_existing_version .

More Information

The Joomla! bulletin detailing this security update is available on page https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html  . It is recommended that users and administrators read the FAQ regarding the 3.6.4 release on page https://docs.joomla.org/Category:Version_3.6.4_FAQ .

logofooter2

Member of

logo apcertfirst logo-2

Collaborated with

apwg2ICTA logo2ack cymru

Our Partners
lanka-certify-logoDark-Lab-Logo2contact