If you took a little break over the holidays from publishing on your Joomla web site, you might have been a little surprised when you logged back in and saw multiple platform updates available. The current stable version of Joomla is now at 3.4.8, if you have anything less, it’s time to update your platform. Unsure what version you have? If you haven’t updated your platform since Christmas – it is out of date.

December Security Updates for Joomla

Joomla has been on a steady release of core platform updates throughout 2015 with [3.4}(https://www.joomla.org/announcements/release-news/5586-joomla-3-4-is-here.html) released February 24th,1 3.4.1 on March 21st,2 3.4.2 on June 30th,3 3.4.3 on July 2nd,4 3.4.4 on September 8th,5 and 3.4.5 on October 22nd.6 However, the month of December saw the release of three updates in rapid succession due to security concerns that needed to be immediately addressed.

  • December 14, 2015: Joomla! 3.4.6 Patched a vulnerability to remote execution as well as several other lower priority security issues.)
  • December 21, 2015: After further research into the vulnerability patched the previous week, developers discovered a critical vulnerability in PHP itself. While the current version of PHP is secure, Joomla! Users on servers with older versions would still be open to attack. Joomla! 3.4.7 secured against this issue for users on servers with older versions of PHP (see quote on the update below.)7
  • December 24, 2015: Joomla! 3.4.8 was released to fix some minor bugs on the previous version. Any time you are pushing so hard, particularly to address a critical issue, there isn’t a lot of time for beta testing for every conflict. I appreciate that the committed core developers pushed right up to the Christmas holidays to release an update that fixed some of the issues users were experiencing.

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of this year (2015) with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (N.B. Fixed in all versions of PHP 7 and has been backported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are releasing a Joomla Update later today which contains additional protection for those users. We do of course recommend that all users apply this update as soon as possible.8

Joomla 3.5 Coming in February

The next major release for Joomla is scheduled to release on February 17, 2016 with support for PHP 7. As web sites have become more full featured and performing more and more functions, the amount of load on the server resources has also increased. PHP 7 is designed to handle a higher load of processes at a significantly higher speed. This infographic on benchmarks from Zend is impressive.

However, the platforms operating on the server will have to be compatible with the new version of PHP, which the Joomla 3.5 release will accommodate. Siteground has already made PHP 7 available on their servers for customers and a number of other platform specific hosting services have done so as well.

Need Help?

Need help with your Joomla site? We offer Joomla maintenance service plans. We will keep your platform up-to-date, take regular back-ups, and address any plugin conflicts that arise after a core update. Contact us today for more information for for help migrating your Joomla site from a previous version.

References Cited
  1. Joomla! 3.4 Released. Joomla!.org. Published February 24, 2015. Accessed January 12, 2016. https://www.joomla.org/announcements/release-news/5586-joomla-3-4-is-here.html []
  2. Joomla! 3.4.1 Released. Joomla!.org. Published March 21, 2015. Accessed January 12, 2016. https://www.joomla.org/announcements/release-news/5587-joomla-3-4-1-released.html []
  3. Joomla! 3.4.2 Release. Joomla!.org. Published June 30, 2015. Accessed January 12, 2016. https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html []
  4. Joomla! 3.4.3 Released. Joomla!.org. Published July 2, 2015. Accessed January 12, 2016. []
  5. Joomla! 3.4.4 Released. Joomla!.org. Published September 8, 2015. Accessed January 12, 2016 []
  6. Joomla! 3.4.5 Released. Joomla!.org. Published October 22, 2015. Accessed January 12, 2016 []
  7. Joomla! 3.4.7 Release. Joomla!.org. Published December 21, 2015. Accessed January 12, 2016. https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html []
  8. Important Security Announcement – Patch Available Soon. Joomla!.org. Published December 21, 2015. Accessed January 12, 2015. https://www.joomla.org/announcements/release-news/5642-important-security-announcement-pre-release-347.html []