Critical security fixes for Joomla

Estimated reading time: 1 minute.

Sites running the popular web Content Management System (CMS) Joomla have been targeted by large-scale attacks recently. Joomla’s developers have responded by publishing a fixed version, Joomla 3.4.6.

Anyone who operates a Joomla-based web site should stop what they’re doing and install the necessary updates immediately.

Update 2015Dec23: Joomla developers discovered that a bug in PHP – the language in which Joomla is developed – would likely lead to more vulnerabilities in Joomla. The PHP bug has been fixed, but that won’t help sites that are running older versions of PHP. Recognizing this, the Joomla developers released another update (Joomla 3.4.7) that addresses the underlying vulnerability.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply