Upgrade to Joomla! 1.0.10 Security Release!
Monday, 26 June 2006
Joomla! 1.0.10 [ Sundown ] is now available as of Monday 26th June 2006 04:00 UTC for download here.
All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla!
1.0.10 contains the following important security fixes:
If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.10
1.0.10 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.
Security Fixes
Joomla! 1.0.10 Contains nine (09) fixes for High, Medium and Low Level Security Vunerabilities.
03 - HIGH Level Threats fixed in 1.0.10
A1 Unvalidated Input
01 - MEDIUM Level Threats fixed in 1.0.10
A4 Cross Site Scripting
05 - LOW Level Threats fixed in 1.0.10
A1 Unvalidated Input
A4 Cross Site Scripting
High Level Vulnerabilities
1.0.10 fixes 2 High Level security vulnerabilities that affect all previous versions of Joomla! 1.0.x series.
All Joomla! users are advised to upgrade to Joomla! 1.0.10
New to Joomla! or starting a new site
Are you a new Joomla! user? Confused as to which of the 30 available packages to dowload?
The answer is simple. If you are creating a site for the first time, you will need the Full Package file:
The other packages are for those users who have already have an existing Joomla! site and wish to upgrade to the latest version.
Upgrade Instructions
Upgrading from any version of Joomla! 1.0.x to 1.0.10, simply involves overwriting
your current sites files, with the files in the proper Patch Package that applies
to your site.
So if you are running Joomla! 1.0.5, you will need the 1.0.5 to 1.0.10 Patch Package.
This can be done by either uncompressing the Patch Package and then using an FTP client to transfer these files to your server and overwriting existing file. If you find errors after the process, ensure that all files were properly transferred. There have been verified reports of some FTP clients not properly transferring files across to a server - without notifying the user of such a problem.
If your Web Provider gives you access to your site via some sort of Web Admin panel like CPanel or Plesk, you can use the syetems file manager to upload the Patch Package file to your server and then extracting the package file and overwriting all the files on your server.
More information can be found on the Forums and if at any stage you are unsure, then search the forums for posts on the subject. Most will be found in the Upgrading Forum.
Conversion Instructions
For those converting from Mambo 4.5.2.x or Mambo 4.5.3 please read these Migration
instructions.
You will to need to download the Joomla 1.0.10 Full package.
Backing Up
Before undertaking an Upgrade or Conversion, it is extremely important that you backup your site Database and if possible, also you site files. While we try to ensure that an Upgrade or Conversion process is relatively straightforward, we cannot garuantee that this will always be the case for every user. So it is imperative that users take protective measures in case they face problems after the Upgrade or Conversion.
Package Integrity
To ensure the integrity of the files you are downloading, you are advised only to download from the 'Official Source' on the Ofifical Joomla! Forge. As an extra security measure we now make available the MD5 checksum values of the respective package files, to allow people to do integrity checking.
Packages
Joomla! 1.0.10 comes as a Full Package:
and Patch Packages:
Package Formats
It also comes packaged in 3 different compression formats
Rey Gigataras [stingrey]
Joomla! Core Team Member
Stability Team Leader
Joomla!
Copyright 2006