Joomla! 4.2.8 Released (security release)

Announcements from the Joomla! Project for the attention of all Users. We encourage all Joomla! users to subscribe to this forum or check it regularly.
Joomla! Security Updates: ... d?type=rss | Joomla! Vulnerable Extensions: ... json-feed/
User avatar
Joomla! Master
Joomla! Master
Posts: 24887
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Joomla! 4.2.8 Released (security release)

Post by pe7er » Thu Feb 16, 2023 4:09 pm

Joomla! 4.2.8 is now available. This is a security release for the 4.x series of Joomla! which addresses a critical security vulnerability in the web services API. We strongly recommend that you update your sites immediately.

This release only contains the security fix; no other changes have been made compared to the Joomla! 4.2.7 release.
After the release, we strongly advise you to renew the passwords for all credentials that are stored in the global site configuration, namely:
  • database
  • SMTP
  • Redis
  • HTTP proxy
The issue has been reported in a responsible disclosure process, there have been no signs of exploitation on public sites.

Security issues fixed with 4.2.8
  • [20230201] - Core - Improper access check in webservice endpoints
    More Information

Full announcement + download links: ... lease.html

Discussion Forum: viewtopic.php?f=9&t=999839
Last edited by imanickam on Thu Feb 16, 2023 4:19 pm, edited 1 time in total.
Reason: Changed the version from 4.2.7 to 4.2.8 in the Subject
Kind Regards,
Peter Martin, Global Moderator
Company website: - Joomla specialist, Nijmegen, Netherlands
The best website:


Return to “Announcements”