The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately. For more information about this exploit, click here to visit the Joomla Security Blog. (http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html) Instructions New installation (http://help.joomla.org/content/category/48/268/302/) Upgrade from an existing Joomla! 1.5 version (http://docs.joomla.org/Upgrading_1.5_from_an_existing_1.5x_version) Migration from Joomla! 1.0.x (http://docs.joomla.org/Migrating_from_1.0.x_to_1.5_Stable) See below for manual installation instructions Download the Joomla 1.5.6 full package now (http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-Stable-Full_Package.zip) Downlaod update packages (http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=3883) Release Notes SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length. Manual Installation For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files: /components/com_user/models/reset.php /changelog.php /includes/framework.php /administrator/includes/framework.php /libraries/joomla/version.php /libraries/joomla/environment/uri.php This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.

Read original post at source site... http://www.joomla.org/index.php?option=com_content&task=view&id=5235&Itemid=74.

Comments (0) >>

Write comment

Name

Email

Website

Title

Comment

Write the displayed characters

Add Comment