There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla platform

  • Project: Joomla!
  • SubProject: framework
  • Severity: Low
  • Versions: 1.5.8 and all previous 1.5 releases
  • Exploit type: Session Hijacking/
  • Reported Date: 2008-November-20
  • Fixed Date: 2009-January-9


When running a site under SSL ONLY (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie.  This can allow someone monitoring the network to find the cookie related to the session.  Please note that all data is still transferred securely.

Affected Installs

1.5.8 and lower installs which are run with SSL only (no non-ssl access).  


Upgrade to latest Joomla! version (1.5.9 or newer), and set force_ssl in global configuration. Alternatively, the php setting session.secure_cookie can be set in .htaccess or php.ini.  Joomla! (all versions) will respect this setting.


The JSST at the Joomla! Security Centre.

Reported By: Hanno Boeck

Many users are always looking forward to a new version of their favorite software because it could bring them new shiny things to play with. Many website maintainers are less fond of new versions as they wonder what will break this time round. As a software developing and using community we believe the responsibility is in all our hands and not just of those creating the release. We ask for your active participation in testing all 3.5 pre-releases. This will ensure we can move smoothly to this new version.

Joomla! 3.5 What’s in store for us?

This document sets out a number of high-level goals and for each goal lists a number of objectives that support the attainment of that goal. Goals are statements of purpose towards which our efforts are directed. They can be quite generic and do not need to be strictly measurable or tangible. On the other hand, objectives are specific tasks that are made to support the attainment of our goals and should be measurable and tangible.

All of our goals and objectives are made in support of our declared mission:

"To provide a flexible platform for digital publishing and collaboration"

PLT Goals 2015

The Joomla! Production Leadership Team (PLT) is pleased to announce the addition of new team members to the Joomla 4 User Experience Team (JUX).

The purpose of the JUX is to improve the usability of the Joomla project through extensive research and user testing, and to make recommendations to the relevant teams based on  findings.

Joomla! 4 User Experience Team Announcement

The next major version for Joomla! has been on the radar for some time but lacking follow through, for reasons both organisational and technical. At JandBeyond, May/June 2015 in Prague the community took matters into their own hand and set up a “make it happen” session to discuss Joomla 4.

Joomla! 4 working group

Following are the meeting notes from the Production Leadership Team meeting held on Monday 01/06/2015 and Tuesday 02/06/2015.

Meeting Details

Team Members: Jessica, Javier, Chris, Robert, Viktor, Roland, George, Marco, Tessa (N.B. Tessa was sent to JAB on a CLT budget to attend JED meetings - she attended for ~1 hour on both days).

Apologies: Tom, Thomas

Meeting Notes from JAB PLT Summit 2015