Updated critical security vulnerability affects Joomla 1.5 through 3.4.6 — immediate update required

joomla security update 2015

On 21 December 2015, the Joomla project announced a new security vulnerability affecting all current versions of Joomla 1.5 through 3.4.6.

This vulnerability builds on a similar security issue patched one week ago and we recommend that all Joomla websites update immediately. 

Updating Joomla 3 sites

We strongly advise you to update any Joomla 3 site to the latest 3.4.7 version without delay. You can do this via the Watchful dashboard or on each of your website backends using thebuilt-in  Joomla Updater.

Updating Joomla 1.5 and 2.x sites

Once a version of Joomla reaches the end-of-life (EOL) stage of development, official updates are no longer released. However, if critical security bugs are identified, unofficial and unsupported fixes may be applied manually (via FTP for example).

To make it easier to apply updates for EOL Joomla versions, we've prepared security patches that may be installed from the Joomla backend. To use them:

  1. Backup your site(s).
  2. Download the installable EOL patches (updated today for the latest vulnerability).
  3. Websites running Joomla 1.5 or 2.5 must first be updated to the latest versions — Joomla 1.5.26 (instructions) and 2.5.28 (instructions).
  4. Install the EOL patches via the in the  Joomla installer of each site individually. Watchful users may use the Remote Installer to update all of their Joomla 1.5 and 2.5 sites at once. 

Testimonial

Sander Potjer
Thanks to the built in support for the ACL Manager Download Key, users of Watchful.li can update ACL Manager on all their sites with just a single click. Sander Potjer / aclmanager.net