The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.
For more information about this exploit, click here to visit the Joomla Security Blog.
* New installation
* Upgrade from an existing Joomla! 1.5 version
* Migration from Joomla! 1.0.x
* See below for manual installation instructions
Download the Joomla 1.5.6 full package now
Downlaod update packages
* SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.
For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:
This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.
Joomla! 1.5.7 Goals
Due to the urgent nature of the Joomla 1.5.6 release, the following goals were pushed from version 1.5.6 to 1.5.7:
* Menu performance improvements
* Replacement of the Pear library
* Update of the OpenID library to v 2.0
* Consistency for 403 errors and "Register to Read More" functionality
* Identify and fix Form Redirects that do not have SEF URLs
* Expand Automated URL testing scenarios
* Recruit Bug Squad members who use Joomla with non-English languages, especially those who use a RTL language
* Introduction of Unit Testing
* Continue working on the //TODO tags in source code