Project: Joomla! SubProject: All Severity: Low Versions: 2.5.0 as well as 1.7.0 – 1.7.4 Exploit type: Information Disclosure Reported Date: 2012-January-29 Fixed Date: 2012-February-02 Description Inadequate validation leads to report avowal in administrator. Affected Installs Joomla! chronicle 2.5.0, 1.7.4, as well as all progressing 1.7.x versions Solution Upgrade to chronicle 1.7.5 or 2.5.1 or aloft Reported by Jakub Galczyk Contact The JSST during a Joomla! Security Center.

Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.4 as well as all progressing 1.7.x versions Exploit type: Information Disclosure Reported Date: 2012-January-06 Fixed Date: 2012-February-02 Description On a little servers a blunder record could be review by unapproved users.

Joomla, a single of a world’s many renouned open source calm government systems (CMS) used for all from websites to blogs to Intranets, currently announces a evident accessibility of Joomla 2.5. Along with brand new facilities such as modernized poke as well as involuntary presentation of Joomla core as well as prolongation updates, a Joomla CMS for a initial time includes multi-database await with a further of Microsoft SQL Server. Previous versions of Joomla were concordant to one side with MySQL databases

Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 as well as all progressing 1.7 as well as 1.6 versions Exploit type: Information Disclosure Reported Date: 2012-January-07 Fixed Date: 2012-January-24 Description Inadequate filtering leads to report disclosure. Affected Installs Joomla! chronicle 1.7.3 as well as all progressing versions Solution Upgrade to chronicle 1.7.4 or 2.5.0 or aloft Reported by Cyrille Barthelemy Contact The JSST during a Joomla! Security Center.

Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 as well as all progressing 1.7 as well as 1.6 versions Exploit type: XSS Vulnerability Reported Date: 2011-November-16 Fixed Date: 2012-January-24 Description Inadequate filtering leads to XSS vulnerability. Affected Installs Joomla! chronicle 1.7.3 as well as all progressing versions Solution Upgrade to chronicle 1.7.4 or 2.5.0 or aloft Reported by Ankita Kapadia Contact The JSST during a Joomla! Security Center.

Project: Joomla! SubProject: All Severity: High Versions: 1.7.2 as well as all 1.6.x versions Exploit type: Password Change Reported Date: 2011-October-28 Fixed Date: 2011-November-14 Description Weak pointless series era during cue reset leads to probability of becoming different a user’s password. Affected Installs Joomla! chronicle 1.7.2 as well as all progressing 1.7.x as well as 1.6.x versions Solution Upgrade to a ultimate Joomla! chronicle (1.7.3 or later) Reported by  David Jardin Contact The JSST during a Joomla! Security Center

Project: Joomla! SubProject: All Severity: High Versions: 1.5.24 as well as all progressing 1.5 versions Exploit type: Password Change Reported Date: 2011-October-28 Fixed Date: 2011-November-14 Description Weak pointless series era during cue reset leads to probability of becoming different a user’s password. Affected Installs Joomla! chronicle 1.5.24 as well as all progressing 1.5 versions Solution Upgrade to a ultimate Joomla! 1.5 chronicle (1.5.25 or later) Reported by  David Jardin Contact The JSST during a Joomla! Security Center .

Project: Joomla! SubProject: All Severity: High Versions: 1.5.24 as well as all progressing 1.5 versions Exploit type: Password Change Reported Date: 2011-October-28 Fixed Date: 2011-November-14 Description Weak pointless series era during cue reset leads to probability of becoming different a user’s password. Affected Installs Joomla! chronicle 1.5.24 as well as all progressing 1.5 versions Solution Upgrade to a ultimate Joomla! 1.5 chronicle (1.5.25 or later) Reported by  David Jardin Contact The JSST during a Joomla! Security Center .

Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.1 Exploit type: Information Disclosure Reported Date: 2011-September-09 Fixed Date: 2011-October-17 Description Weak encryption causes intensity report disclosure. Affected Installs Joomla! chronicle 1.7.1 as well as progressing Solution Upgrade to a ultimate Joomla! chronicle (1.7.2 or later) Reported by Jeff Channell Contact The JSST during a Joomla! Security Center .

Project: Joomla! SubProject: All Severity: Low Versions: 1.7.1 Exploit type: Information Disclosure Reported Date: 2011-August-02 Fixed Date: 2011-October-17 Description Inadequate blunder checking causes intensity report disclosure. Affected Installs Joomla! chronicle 1.7.1 as well as progressing Solution Upgrade to a ultimate Joomla! chronicle (1.7.2 or later) Reported by Aung Khant, YGN Ethical Hacker Group Contact The JSST during a Joomla! Security Center

Project: Joomla! SubProject: All Severity: Low Versions: 1.7.0 Exploit type: Information Disclosure Reported Date: 2011-September-23 Fixed Date: 2011-September-26 Description Inadequate blunder checking causes report disclosure.

Project: Joomla! SubProject: All Severity: Medium Versions: 17.0 as well as all 1.6.x versions Exploit type: XSS Reported Date: 2011-August-02 Fixed Date: 2011-September-22 Description Inadequate evading leads to XSS disadvantage in com_search.

Joomla! Platform Current exam coverage report  Most new commits Most new lift reqests API support Joomla! CMS Recent commits Issue tracker Feature tracker

This essay will be a recover goals for a LTS recover in Jan 2012.

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.5 as well as all progressing 1.6.x versions Exploit type: XSS Reported Date: 2011-July-11 Fixed Date: 2011-July-19 Description Inadequate evading leads to XSS vulnerability. Affected Installs Joomla! chronicle 1.6.5 as well as all progressing 1.6.x versions Solution Upgrade to a ultimate Joomla! chronicle (1.7.0 or later) Reported by Aung Khant Contact The JSST during a Joomla! Security Center .

Joomla! CMS Long Term Support Release: Joomla! 1.5.23 End of Support: Apr 2012 Short Term Support Release: Joomla 1.6.4 End of Support: Aug 19, 2011 (Subject to change) Upcoming Short Term Support Release: Joomla! 1.7 Current Status: Beta 1 Expected General Availability Date: Jul 19, 2011 Upcoming Long Term Support Release: Joomla! 1.8? Expected General Availability Date: Jan 2012 Listing of  known intensity back harmony issues.   Joomla Platform Current Status: Pre Release 11.1 Expected General Availability Date: Jul 25, 2011 Version: 11.2 Listing of  known intensity back harmony issues. Note: All dates have been theme to change

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 as well as all progressing 1.6.x versions Exploit type: Unauthorised Access Reported Date: 2011-June-10 Fixed Date: 2011-June-27 Description Inadequate accede checking causes intensity for unapproved access.

Project: Joomla! SubProject: All Severity: Medium Versions: 1.6.3 as well as all progressing 1.6.x versions Exploit type: XSS Reported Date: 2011-March-24 Fixed Date: 2011-June-27 Description Inadequate filtering leads to XSS vulnerability.