Joomla! Developer Network

There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla platform

  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-06
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith Jayathissa

The Joomla! Bug Squad (JBS) is pleased to announce the addition of the new Bug Squad Co-Leader. We welcome Tobias Zulauf to the team.

Leading the JBS is a big task. The group is large and there are many tasks at hand. Combine this with a position in the Production Leadership Team (PLT), you will soon see that there are not enough hours in a day for one person. We needed to find help for Roland Dalmulder - PLT member and current JBS lead.


Our New Bug Squad Co-Leader

As was announced earlier this year, the Joomla! project is actively working toward shutting down JoomlaCode.org. In addition to assisting existing users with migrating data, we have also been busy managing our own data as well and would like to provide this update on our progress.


JoomlaCode Shutdown Update

In a reorganising of the Joomla! web properties, the PLT has decided to close down the Joomla! User Experience website (https://ux.joomla.org). This news isn’t really new news. Discussions about moving the JUX forum started in 2013 but the steps necessary to move and shut the forum down were never completed. Is the Production Leadership Team still interested in a Joomla! user’s experience? You can bet it is!


JUX is closing

Many of you may have noticed the message "Please note: Due to technical reasons we have had to disable the Install from Web Service. We are working to get it back online as soon as possible. To find extensions please use the Joomla! Extensions Directory at http://extensions.joomla.org"

Install from web


Status of the Install from Web

After an extended period of silence, the Production Leadership Team is happy to announce that we are moving forward with planning, preparing, and ultimately releasing version 2 of the Joomla! Framework. Over the last several weeks, we have begun building a roadmap and vision for the next major version of the Framework and are now ready to share with the community for review and feedback.


Framework v2 Roadmap

Joomla! CMS

Current Release 

View known Issues

Development Status

Nightly CMS builds for developers are available for download

Joomla! Framework

Joomla! Reading

Joomla! Programming

Joomla! Programming

Mark Dexter & Louis Landry
Joomla! Templates

Joomla! Templates

Angie Radtke