JOOMLA! 1.5.26 RELEASED

The Joomla Project announces the immediate availability of Joomla 1.5.26 [senu takaa ama busani]. This is a security release. The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! developement at the Developer Site.

Release Notes

Check the Joomla 1.5.26 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.

Security

• High Priority - Core - Password Change Vulnerability. More information »
• Low Priority - Core - Information Disclosure. More information »

Issues Fixed

None.

Security News

[20120305] - Core - Password Change

• Project: Joomla!
• SubProject: All
• Severity: High
• Versions: 1.5.25 and all earlier 1.5.x versions
• Exploit type: Password Change
• Reported Date: 2012-March-8
• Fixed Date: 2012-March-27

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

Security News

[20120306] - Core - Information Disclosure

• Project: Joomla!
• SubProject: All
• Severity: Low
• Versions: 1.5.25 and all earlier 1.5.x versions
• Exploit type: Information Disclosure
• Reported Date: 2012-January-7
• Fixed Date: 2012-March-27

Description

Inadequate permission checking allows unauthorised viewing of administrative back end information.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by Cyrille Barthelemy

Contact

The JSST at the Joomla! Security Center.

Related articles

• Joomla! Accepted for 2012 Google Summer of Code (openddemo.blogspot.com)