Joomla 2.5.29

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
KevinMorr
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Thu Jul 30, 2015 4:07 pm

Joomla 2.5.29

Postby KevinMorr » Tue Dec 22, 2015 1:50 am

I have been hearing all day that there will be a patch for 2.5 but there is nothing anywhere on the Joomla site that says this, nor can I find any links to a download. Does anyone know if this is a valid update coming down, or is the community been mislead? Apparently there is also a patch coming out for 1.5 too, but again no word from the Joomla team on this one either.

User avatar
xfsgpr
Joomla! Guru
Joomla! Guru
Posts: 940
Joined: Mon Feb 14, 2011 4:02 am
Location: London

Re: Joomla 2.5.29

Postby xfsgpr » Tue Dec 22, 2015 1:56 am

2.5.28 was the last one in 2.5.X build and it is no longer developed nor actively supported. However, sometimes the developers may release important security fixes and they will be posted at this link:

https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions

Good luck.

KevinMorr
Joomla! Apprentice
Joomla! Apprentice
Posts: 19
Joined: Thu Jul 30, 2015 4:07 pm

Re: Joomla 2.5.29

Postby KevinMorr » Tue Dec 22, 2015 2:12 am

Thanks xfsgpr, I knew that and the reason I asked is because I have received several emails today from some developers that I follow and support and they are the ones saying that this latest patch was so sever that there would be an emergency patch for both 1.5 and 2.5. I dont have any 1.5 sites but I know there are some out there to stubborn to migrate. Anyway I was just curious, I have told all my clients that refuse to migrate from 2.5 to 3.4.x they are on their own if their sites get hacked.

Just took a look at the Github tracker and it is funny this is being run by Phil Taylor and he is one of the people that messaged me and said there would be updates for these two older versions of Joomla...

Thanks for the info though, happy holidays to you my friend...;)

User avatar
Bernard T
Joomla! Guru
Joomla! Guru
Posts: 780
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska
Contact:

Re: Joomla 2.5.29

Postby Bernard T » Sat Jan 02, 2016 1:18 pm

KevinMorr wrote:Just took a look at the Github tracker and it is funny this is being run by Phil Taylor and he is one of the people that messaged me and said there would be updates for these two older versions of Joomla...

P.Taylor manages those unofficial Github repos for EOL Joomla's with some patches
The point of those messages was to tell you the patches will be available for 1.5 and 2.5 branches, despite them being End-Of-Life. EOL versions don't ever get a new version.

Both patches for 2.5 are here (one of those is missing for some reason on official EOL link)
https://github.com/joomla/joomla-cms/re ... ng25v1.zip

EDIT: my mistake, the patch "SessionHardening25v1.zip" contains additional fix to the same file, so that one should be used instead of older patch derived from 3.4.6 fix.
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author viewtopic.php?f=621&t=777957
Twitter: @toplak


Return to “Security in Joomla! 2.5”

Who is online

Users browsing this forum: No registered users and 4 guests