This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.6 release.
What's in 3.4.7
Version 3.4.7 is released to address two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.
The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are making this release to deal with this issue on vulnerable PHP versions.
Security Issues Fixed
- High Priority - Core - Session Hardening Execution (affecting Joomla 1.5 through 3.4.6) More information »
- Low Priority - Core - SQL Injection (affecting Joomla 3.0.0 through 3.4.6) More information »
New Installations: Download Joomla 3.4.7 English (UK), 3.4.7 Full Package
New installation instructions and technical requirements
Upgrade Packages: Upgrade Packages Joomla 3 upgrade packages
Note: Please read the update instructions before updating.
Please remember to clear your browser's cache after upgrading.
Joomla 1.5 and 2.5
Joomla does not release updates for EOL versions however we have made patches available for download which can be found at https://docs.joomla.org/Security_hotfix ... L_versions.
Full Announcement: https://www.joomla.org/announcements/re ... 3-4-7.html
Discuss the release: http://forum.joomla.org/viewtopic.php?f=9&t=902921