There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla platform

  • Project: Joomla!
  • SubProject: libraries
  • Severity: Critical
  • Versions: 1.5.6 and all previous 1.5 releases
  • Exploit type: Variable Injection 
  • Reported Date: 2008-September-7 
  • Fixed Date: 2008-September-9


A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request.  This can result in variable injection (unwanted characters injected into returned data).

3PD Concerns

3PD extensions which use JRequest do not need to change anything for proper function.

Affected Installs

All 1.5.x installs prior to and including 1.5.6 are affected.


Upgrade to latest Joomla! version (1.5.7 or newer).


The JSST at the Joomla! Security Centre.

Reported By: Joomla! Development Coordinator Andrew Eddie

Many users are always looking forward to a new version of their favorite software because it could bring them new shiny things to play with. Many website maintainers are less fond of new versions as they wonder what will break this time round. As a software developing and using community we believe the responsibility is in all our hands and not just of those creating the release. We ask for your active participation in testing all 3.5 pre-releases. This will ensure we can move smoothly to this new version.

Joomla! 3.5 What’s in store for us?

This document sets out a number of high-level goals and for each goal lists a number of objectives that support the attainment of that goal. Goals are statements of purpose towards which our efforts are directed. They can be quite generic and do not need to be strictly measurable or tangible. On the other hand, objectives are specific tasks that are made to support the attainment of our goals and should be measurable and tangible.

All of our goals and objectives are made in support of our declared mission:

"To provide a flexible platform for digital publishing and collaboration"

PLT Goals 2015

The Joomla! Production Leadership Team (PLT) is pleased to announce the addition of new team members to the Joomla 4 User Experience Team (JUX).

The purpose of the JUX is to improve the usability of the Joomla project through extensive research and user testing, and to make recommendations to the relevant teams based on  findings.

Joomla! 4 User Experience Team Announcement

The next major version for Joomla! has been on the radar for some time but lacking follow through, for reasons both organisational and technical. At JandBeyond, May/June 2015 in Prague the community took matters into their own hand and set up a “make it happen” session to discuss Joomla 4.

Joomla! 4 working group

Following are the meeting notes from the Production Leadership Team meeting held on Monday 01/06/2015 and Tuesday 02/06/2015.

Meeting Details

Team Members: Jessica, Javier, Chris, Robert, Viktor, Roland, George, Marco, Tessa (N.B. Tessa was sent to JAB on a CLT budget to attend JED meetings - she attended for ~1 hour on both days).

Apologies: Tom, Thomas

Meeting Notes from JAB PLT Summit 2015