So it is the middle of summertime and you could be forgiven for enjoying the fine weather rather than paying attention to what is going on in the world of Joomla.
On Thursday, 25 July the Joomla! Project announced the availability of Joomla 3.1.4/2.5.13 and a large proportion of users upgraded their websites due to the new releases offering a multitude of useful new features and bug fixes.
Great I hear you cry, we can upgrade and then get back to the fine weather BUT – on Thursday, 01 August, the Joomla! Project surprisingly announced the immediate availability of Joomla! 3.1.5/2.5.14. Why such a short time frame between the two releases?
The reason was that a critical level security issue was discovered soon after the previous release had gone out….and it had the potential to affect all Joomla! CMS versions. Not just the latest version you did read that correctly, – we are talking about all the Joomla! sites out there. All versions are affected – 1.5, 1.6, 1.7, 2.5 and 3. Good job TR8 Media have got your back 😉
How does the vulnerability effect Joomla websites?
It is all to do with the Media Manager. To exploit the vulnerability, the hacker would need to find a Joomla site that allows access to the media manager to its registered users. After registering an account, the hacker uses the vulnerability to upload a malicious shell script to this site through the Media Manager. After that the attacker can do pretty much anything – edit your files, access your database, delete information, etc.
What has TR8 Media done to help its clients?
Patches were released for Joomla 2.5.x and 3.1.x – and we informed our clients of this and upgraded many of them ourselves.
For those on Joomla 1.5.x (which is no longer officially supported) we were lucky that a patch has been released by the Joomla! Project. Click here to download it and extract it on your server if you have not already applied the patch
For anyone still on Joomla 1.5.x it is HIGHLY recommended to upgrade to the latest version of Joomla!. Contact us today, it might not cost as much as you think and we will guarantee that it will not cost as much as losing your entire website would do!