Joomla! 3.4.7 Released

Post by pe7er » Mon Dec 21, 2015 10:48 pm

Joomla! 3.4.7 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability and one low-level security vulnerability. We strongly recommend that you update your sites immediately.
This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.6 release.

What's in 3.4.7

Version 3.4.7 is released to address two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.
The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are making this release to deal with this issue on vulnerable PHP versions.

Security Issues Fixed
  • High Priority - Core - Session Hardening Execution (affecting Joomla 1.5 through 3.4.6)
  • Low Priority - Core - SQL Injection (affecting Joomla 3.0.0 through 3.4.6)
Please see the documentation wiki for FAQs regarding the 3.4.7 release. It is important to note that due to some session changes you will not be able to edit items until you log out and log back in again. Please note that there has been a backwards compatibility break regarding how session management is handled. If you are using the documented Joomla API you will have no issues. The changes are fully documented in the release documentation.

Download
New Installations: Download Joomla 3.4.7 English (UK), 3.4.7 Full Package
New installation instructions and technical requirements

Upgrade Packages: Joomla 3 upgrade packages
Note: Please read the update instructions before updating.
Please remember to clear your browser's cache after upgrading.

Joomla 1.5 and 2.5
Joomla does not release updates for EOL versions; however, we have made patches available for download, which can be found at https://docs.joomla.org/Security_hotfix ... L_versions.

Full Announcement: https://www.joomla.org/announcements/re ... 3-4-7.html

Discuss the release: http://forum.joomla.org/viewtopic.php?f=9&t=902921
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
