Upgrade to Joomla! 1.0.10 Security Release!

Monday, 26 June 2006

Joomla! 1.0.10 [ Sundown ] is now available as of Monday 26th June 2006 04:00 UTC for download here.

All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla! 

1.0.10 contains the following important security fixes:

If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.10 

1.0.10 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.

Security Fixes

Joomla! 1.0.10 Contains nine (09) fixes for High, Medium and Low Level Security Vunerabilities.  

03 - HIGH Level Threats fixed in 1.0.10

A1 Unvalidated Input

01 - MEDIUM Level Threats fixed in 1.0.10

A4 Cross Site Scripting

05 - LOW Level Threats fixed in 1.0.10

A1 Unvalidated Input

A4 Cross Site Scripting

High Level Vulnerabilities

1.0.10 fixes 2 High Level security vulnerabilities that affect all previous versions of Joomla! 1.0.x series.

All Joomla! users are advised to upgrade to Joomla! 1.0.10

New to Joomla! or starting a new site

Are you a new Joomla! user?  Confused as to which of the 30 available packages to dowload?

The answer is simple.  If you are creating a site for the first time, you will need the Full Package file:

The other packages are for those users who have already have an existing Joomla! site and wish to upgrade to the latest version.

Upgrade Instructions

Upgrading from any version of Joomla! 1.0.x to 1.0.10, simply involves overwriting your current sites files, with the files in the proper Patch Package that applies to your site. 
So if you are running Joomla! 1.0.5, you will need the 1.0.5 to 1.0.10 Patch Package.

This can be done by either uncompressing the Patch Package and then using an FTP client to transfer these files to your server and overwriting existing file.  If you find errors after the process, ensure that all files were properly transferred.  There have been verified reports of some FTP clients not properly transferring files across to a server - without notifying the user of such a problem.

If your Web Provider gives you access to your site via some sort of Web Admin panel like CPanel or Plesk, you can use the syetems file manager to upload the Patch Package file to your server and then extracting the package file and overwriting all the files on your server.

More information can be found on the Forums and if at any stage you are unsure, then search the forums for posts on the subject.  Most will be found in the Upgrading Forum.

Conversion Instructions

For those converting from Mambo 4.5.2.x or Mambo 4.5.3 please read these Migration instructions.
You will to need to download the Joomla 1.0.10 Full package.

Backing Up

Before undertaking an Upgrade or Conversion, it is extremely important that you backup your site Database and if possible, also you site files.  While we try to ensure that an Upgrade or Conversion process is relatively straightforward, we cannot garuantee that this will always be the case for every user.  So it is imperative that users take protective measures in case they face problems after the Upgrade or Conversion.

Package Integrity

To ensure the integrity of the files you are downloading, you are advised only to download from the 'Official Source' on the Ofifical Joomla! Forge.  As an extra security measure we now make available the MD5 checksum values of the respective package files, to allow people to do integrity checking.


Joomla! 1.0.10 comes as a Full Package:

and Patch Packages:

Package Formats

It also comes packaged in 3 different compression formats

Rey Gigataras [stingrey]
Joomla! Core Team Member
Stability Team Leader


Copyright 2006