  • Project: Joomla!
  • SubProject: framework
  • Severity: Low
  • Versions: 1.5.8 and all previous 1.5 releases
  • Exploit type: Session Hijacking/
  • Reported Date: 2008-November-20
  • Fixed Date: 2009-January-9

Description

When a site runs under SSL only (the entire site is forced to be under SSL), Joomla! does not set the secure flag on the session cookie. Without that flag, the browser will also send the cookie on any plain-HTTP request to the same host, which can allow someone monitoring the network to find the cookie related to the session. Please note that all data is still transferred securely.

Affected Installs

Installs of 1.5.8 and lower that are run with SSL only (no non-SSL access).

Solution

Upgrade to the latest Joomla! version (1.5.9 or newer) and set force_ssl in the global configuration. Alternatively, the PHP setting session.cookie_secure can be set in .htaccess or php.ini. Joomla! (all versions) will respect this setting.
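
One way to confirm the fix took effect, as an added example that is not part of the original advisory or of Joomla! itself: the script below parses raw response headers and lists every cookie that is set without the secure attribute. The sample headers and cookie names are constructed for illustration; in practice, feed it the headers returned by your own HTTPS site.

```python
"""Audit Set-Cookie headers from an HTTPS response for the Secure attribute."""

# Constructed sample headers (not captured from a real site). The 32-hex cookie
# name is a made-up stand-in for a session cookie.
BEFORE_FIX = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: 0123456789abcdef0123456789abcdef=k2v9sample; path=/
Set-Cookie: prefs=secure; path=/
"""

AFTER_FIX = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: 0123456789abcdef0123456789abcdef=k2v9sample; path=/; secure
Set-Cookie: prefs=secure; Path=/; Secure; HttpOnly
"""


def parse_set_cookie(value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    # The first ';'-separated part is name=value; everything after is attributes,
    # so a cookie whose *value* is "secure" is not mistaken for the flag.
    pair, *attrs = value.split(";")
    name = pair.split("=", 1)[0].strip()
    attr_names = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, attr_names


def cookies_missing_secure(raw_headers):
    """List the names of cookies set without the Secure attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive; the status line has no match.
        if sep and field.strip().lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                missing.append(name)
    return missing


if __name__ == "__main__":
    for label, headers in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        missing = cookies_missing_secure(headers)
        print(label, "->", missing or "all cookies carry Secure")
```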

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hanno Boeck
