This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
Weak random number generation during password reset leads to possibility of changing a user's password.
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Upgrade to the latest Joomla! version (1.7.3 or later)
The JSST at the Joomla! Security Centre.
Weak random number generation during password reset leads to possibility of changing a user's password.
Joomla! version 1.5.24 and all earlier 1.5 versions
Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
The JSST at the Joomla! Security Centre.
Weak encryption causes potential information disclosure.
Joomla! version 1.7.1 and earlier
Upgrade to the latest Joomla! version (1.7.2 or later)
The JSST at the Joomla! Security Centre.
Inadequate error checking causes potential information disclosure.
Joomla! version 1.7.1 and earlier
Upgrade to the latest Joomla! version (1.7.2 or later)
The JSST at the Joomla! Security Centre.
Weak encryption causes potential information disclosure.
Joomla! version 1.5.23 and earlier
Upgrade to the latest Joomla! version (1.5.24 or later)
The JSST at the Joomla! Security Centre.
Inadequate error checking causes information disclosure.
Joomla! version 1.7.0
Upgrade to the latest Joomla! version (1.7.1 or later)
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability in com_search.
Joomla! version 1.7.0 and all 1.6.x versions
Upgrade to the latest Joomla! version (1.7.1 or later)
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability in back end.
Joomla! version 1.7.0 and all 1.6.x versions
Upgrade to the latest Joomla! version (1.7.1 or later)
The JSST at the Joomla! Security Centre.
Inadequate escaping leads to XSS vulnerability.
Joomla! version 1.6.5 and all earlier 1.6.x versions
Upgrade to the latest Joomla! version (1.6.6 or later)
The JSST at the Joomla! Security Centre.
Inadequate filtering causes possible information disclosure.
Joomla! version 1.6.3 and all earlier 1.6.x versions
Upgrade to the latest Joomla! version (1.6.4 or later)
The JSST at the Joomla! Security Centre.