There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla platform

The Joomla CMS has a couple of places from which you can download the latest CMS versions. Below is a list of locations where you can find Joomla.

Joomla Download Page

If you would like to download the files already built into an easy zip file format you can download them directly from joomla.org. On this page you’ll find the most recent release of the Current stable version and links to other Legacy versions.

JoomlaCode Directory

This download page pulls the files from a list available on JoomlaCode site. If you wish to browse specific packages, including every release since 1.0, you can do so by visiting the Files directory on Joomlacode.

GitHub Repository

Alternatively if you are interested in looking at the files before you download or would rather review and download direct you can do so from the Joomla GitHub repository. In the repository you can use the tags feature to select the version of the code you wish to download.

Note: Nightly builds

Nightly builds are available from http://developer.joomla.org/cms-packages and can be used to test both new installs and updates from previous releases. These packages should not be used in production environments.

As news came out today that there’s a vulnerability on HTTP_PROXY infecting CGI application on PHP, Python, Go and others known as httpoxy. The Production Leadership Team and the Joomla! Project wants to raise awareness of this to it’s users.

The Joomla! core itself is not affected in any way by this vulnerability, but third party extensions using specific PHP libraries might be. As of now we have no further information on which third parties extensions may use any affected libraries, so we ask all of our users to check with their extension providers to see if their extension might be affected. The HTTP protocol is used to make requests for information on the Internet, such as to load a web page, image file, or data from a RESTful API.

More information on the vulnerability can be found at : https://httpoxy.org/

For example we know the Guzzle library (a very popular one) is affected, therefore it’s recommended to update the library as soon as possible. For this specific library you can find a fix on github at the following link : https://github.com/guzzle/guzzle/commit/9d521b23146cb6cedd772770a2617fd6cbdb1596 or via Composer.

If you are not sure what libraries are used by your Third Party extension providers, please contact them. If you see updates in the next few days from these developers, please apply them.


Joomla! raises awareness on the HTTP_PROXY vulnerability