Joomla Update on Thursday, October 22, 2015
This is just a heads up that there's an important Joomla update coming out on Thursday. We'll start applying to it to websites Thursday night:
Important Security Announcement - Patch Available Soon (joomla.org)
A Joomla 3.4.5 release containing a security fix will be published on Thursday 22nd October at approximately 14:00 UTC
The Joomla Security Strike Team (JSST) has been informed of a critical security issue in the Joomla core.
Since this is a very important security fix, please be prepared to update your Joomla installations next Thursday.
Until the release is out, please understand that we cannot provide any further information.
And this:
[20140903] - Core - Remote File Inclusion
Posted: 30 Sep 2014 12:00 PM PDT
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Exploit type: Remote File Inclusion
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7228Description
Inadequate checking allowed the potential for remote files to be executed.Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Our team will be contacting clients that will be affected.
-Tony
