15 Nov [20111102] – Core – Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.7.2 and all 1.6.x versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14
Description: Weak random number generation during password reset leads to possibility of changing a user’s password.
Affected Installs: Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution: Upgrade to the latest Joomla! version (1.7.3 or later)
Reported by: David Jardin
Contact: The JSST at the Joomla! Security Center

15 Nov [20111103] – Core – Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.24 and all earlier 1.5 versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14
Description: Weak random number generation during password reset leads to possibility of changing a user’s password.
Affected Installs: Joomla! version 1.5.24 and all earlier 1.5 versions
Solution: Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Reported by: David Jardin
Contact: The JSST at the Joomla! Security Center

17 Oct [20111001] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Moderate
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-September-09
Fixed Date: 2011-October-17
Description: Weak encryption causes potential information disclosure.
Affected Installs: Joomla! version 1.7.1 and earlier
Solution: Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by: Jeff Channell
Contact: The JSST at the Joomla! Security Center

17 Oct [20111002] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.1
Exploit type: Information Disclosure
Reported Date: 2011-August-02
Fixed Date: 2011-October-17
Description: Inadequate error checking causes potential information disclosure.
Affected Installs: Joomla! version 1.7.1 and earlier
Solution: Upgrade to the latest Joomla! version (1.7.2 or later)
Reported by: Aung Khant, YGN Ethical Hacker Group
Contact: The JSST at the Joomla! Security Center

26 Sep [20110903] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.7.0
Exploit type: Information Disclosure
Reported Date: 2011-September-23
Fixed Date: 2011-September-26
Description: Inadequate error checking causes information disclosure.

23 Sep [20110901] – Core – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 17.0 and all 1.6.x versions
Exploit type: XSS
Reported Date: 2011-August-02
Fixed Date: 2011-September-22
Description: Inadequate escaping leads to XSS vulnerability in com_search.

26 Aug Code Summary

Joomla! Platform
Current test coverage report
Most recent commits
Most recent pull requests
API documentation

Joomla! CMS
Recent commits
Issue tracker
Feature tracker

29 Jul January 2012 Release

This article will be the release goals for the LTS release in January 2012.

20 Jul [20110701] – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.6.5 and all earlier 1.6.x versions
Exploit type: XSS
Reported Date: 2011-July-11
Fixed Date: 2011-July-19
Description: Inadequate escaping leads to XSS vulnerability.
Affected Installs: Joomla! version 1.6.5 and all earlier 1.6.x versions
Solution: Upgrade to the latest Joomla! version (1.7.0 or later)
Reported by: Aung Khant
Contact: The JSST at the Joomla! Security Center

08 Jul Development Status

Joomla! CMS
Long Term Support Release: Joomla! 1.5.23
End of Support: April 2012
Short Term Support Release: Joomla 1.6.4
End of Support: August 19, 2011 (Subject to change)
Upcoming Short Term Support Release: Joomla! 1.7
Current Status: Beta 1
Expected General Availability Date: July 19, 2011
Upcoming Long Term Support Release: Joomla! 1.8?
Expected General Availability Date: January 2012
Listing of known potential backward compatibility issues.

Joomla Platform
Current Status: Pre Release 11.1
Expected General Availability Date: July 25, 2011
Version: 11.2
Listing of known potential backward compatibility issues.

Note: All dates are subject to change

21 Jun [20110603] – Unauthorised Access

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.6.3 and all earlier 1.6.x versions
Exploit type: Unauthorised Access
Reported Date: 2011-June-10
Fixed Date: 2011-June-27
Description: Inadequate permission checking causes potential for unauthorised access.

21 Jun [20110601] – XSS Vulnerabilities

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.6.3 and all earlier 1.6.x versions
Exploit type: XSS
Reported Date: 2011-March-24
Fixed Date: 2011-June-27
Description: Inadequate filtering leads to XSS vulnerability.

21 Jun [20110602] – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.6.3 and all earlier 1.6.x versions
Exploit type: Information Disclosure
Reported Date: 2011-May-25
Fixed Date: 2011-June-23
Description: Inadequate filtering causes possible information disclosure.
Affected Installs: Joomla! version 1.6.3 and all earlier 1.6.x versions
Solution: Upgrade to the latest Joomla! version (1.6.4 or later)
Reported by: Aung Khant
Contact: The JSST at the Joomla! Security Center

21 Jun [20110604] – XSS Vulnerability

Project: Joomla!
SubProject: All
Severity: Medium
Versions: 1.6.3 and all earlier 1.6.x versions
Exploit type: XSS
Reported Date: 2011-May-25
Fixed Date: 2011-June-27
Description: Inadequate filtering leads to XSS vulnerability.
Affected Installs: Joomla! version 1.6.3 and all earlier 1.6.x versions
Solution: Upgrade to the latest Joomla! version (1.6.4 or later)
Reported by: Aung Khant
Contact: The JSST at the Joomla! Security Center

21 Apr J and Beyond 2011 – an International Joomla Conference

J and Beyond is an international Joomla conference taking place in the Netherlands in early May. The first J and Beyond conference was held in Germany last year and was a huge success, attracting Joomla developers from all over the world.

15 Apr [20110402] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.6.1 and 1.6.0
Exploit type: Information Disclosure
Reported Date: 2011-March-28
Fixed Date: 2011-April-14
Description: Inadequate error checking causes information disclosure.
Affected Installs: Joomla! version 1.6.1 and 1.6.0 versions
Solution: Upgrade to the latest Joomla! version (1.6.2 or later)
Reported by: YGN Ethical Hacker Group
Contact: The JSST at the Joomla! Security Center

15 Apr [20110403] – Core – Information Disclosure

Project: Joomla!
SubProject: All
Severity: Low
Versions: 1.6.1 and 1.6.0
Exploit type: Information Disclosure
Reported Date: 2011-March-26
Fixed Date: 2011-April-14
Description: Inadequate error checking causes information disclosure.
Affected Installs: Joomla! version 1.6.1 and 1.6.0 versions
Solution: Upgrade to the latest Joomla! version (1.6.2 or later)
Reported by: High-Tech Bridge SA (Switzerland)
Contact: The JSST at the Joomla! Security Center