WordPress 3.6 Beta 2 is now available! This is software still in development and we really don’t recommend that you run it on a production site — set up a test site just to play with the new version. To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). The […]
Archive for April, 2013
Plesk Webserver Configuration Troubleshooter as Plesk extension
Good news! Now Plesk Webserver Configuration Checker can be used as Plesk extension.
Parallels Mass Transfer Script has been updated
Good news! Now you can perform pre-transfer checks directly from Plesk Mass Transfer Script for Linux servers. (Look at –check option)
Plesk Pre-Transfer Checker has been updated to version 11
Version 11.0:
The following check item has been added:
– warn if different mail servers installed on source and destination
MySQL :: MySQL 5.7 Reference Manual :: 12.7 Date and Time Functions
Red Hat: 2013:0769-01: glibc: Low Advisory
(Apr 24) Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]
Red Hat: 2013:0772-01: mysql: Important Advisory
(Apr 25) Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
Creating a CSR from WHM is very simple. A Certificate Signing Request is given to a certificate authority to issue a signed and verified SSL. The secure socket layer certificate is used on web servers to encrypt data that […]
(Apr 24) Several security issues were fixed in MySQL.
Ubuntu: 1808-1: Linux kernel (EC2) vulnerabilities
(Apr 25) Several security issues were fixed in the kernel.
Red Hat: 2013:0770-01: java-1.6.0-openjdk: Important Advisory
(Apr 24) Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
Red Hat: 2013:0771-01: curl: Moderate Advisory
(Apr 24) Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
Ubuntu: 1806-1: OpenJDK 7 vulnerabilities
(Apr 23) Several security issues were fixed in OpenJDK 7.
(Apr 23) Due to a regression, IcedTea-Web might not be able to access some sites.
Red Hat: 2013:0744-01: kernel: Important Advisory
(Apr 23) Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
The following new functionality has been added:
[+] MailEnable has been updated to version 7.06. This applies only to new installations. Existing MailEnable installations will not be upgraded.
The following bug has been fixed:
[-] PHP settings can’t be set via API-RPC (124552)
Summer Mentorship Programs: GSoC and Gnome
As an open source, free software project, WordPress depends on the contributions of hundreds of people from around the globe — contributions in areas like core code, documentation, answering questions in the support forums, translation, and all the other things it takes to make WordPress the best publishing platform it can be, with the most […]
The Joomla! Project is pleased to announce the availability of Joomla! CMS 3.1.0 Stable. Joomla 3 is the latest major release of the Joomla CMS, with Joomla 3.1 the second minor release in this series. The Production Leadership Team’s goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
Please note that going from Joomla 3.0 to 3.1 is a one-click upgrade with backward compatibility and is NOT a migration. The same is true for any subsequent versions in the Joomla 3 series. If you’re running a Joomla 3.0 site, please use the one-click upgrade to get the new features and the latest bug fixes for 3.1.
Download
New Installations: Click here to download Joomla 3.1.0 (Full package) »
Update Package: Click here to download Joomla 3.0.x to 3.1.0 (Update package) »
Note: Please read the instructions below.
Note: Just in case you need it, we also have 3.0.4 packages available. Version 3.0.4 is exactly the same as version 3.0.3 except that the seven security fixes listed below have been added. We encourage all 3.0 users to upgrade from 3.0 to 3.1 right away as 3.1 contains the security fixes and is a one-click upgrade with full backward compatibility support from 3.0.
Instructions
- New installation and technical requirements
- FAQ on updating from 2.5.x (if desired). Please read the entire FAQ to get all the pertinent information.
- Migration from Joomla! 1.5.x
Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.
Please note that you should always back up your site before upgrading.
What are the new features of Joomla! 3.1?
- 29855 – Tags (click here to see the recent blog post about it)
- 30298 – Added note form field
- 29822 – Show logs in debug console
- 30085 – Refactor installation to use new application and MVC classes
- 29965 – Added pagination in COM_SEARCH component
- 29770 – Added triggers on save for com_config
- 30230 – JPlugin autoloadLanguage property
- 28924 – Added SQL Server subclass for FinderIndexer
- 30318 – Media wiki package
- 30369 – OpenStreetMap package
- 30364 – UNION ALL feature
Miscellaneous: 28574 – Removed the GeSHi plug-in
What are the other new features of the Joomla! 3 series?
- Incorporation of Twitter Bootstrap into a jui media package.
- A new responsive administrator template (Isis) and interface.
- A new front end template (Protostar) built using Twitter Bootstrap
- Updated accessible template called Beez3
- PostgreSQL Driver. You will be able to run Joomla 3.0 sites using the PostgreSQL database.
- PHP Memcached Driver
- Use of JFeed for feed management rather than SimplePie
- Installation of language packages directly from the extension manager
- Guest user group present by default
- Saving blank articles allowed
- New administrator statistics module
- Update TinyMCE to version 3.5.6
- Continued clean up of older unused code, files and database fields and tables and improved standardization of tables.
- Improvements to Smart Search
- Extensive work on code style standardisation and consistency
- Unit testing in the CMS
- Updated system tests in the CMS
- Multilanguage: adding items associations in remaining core components.
- Language Installation tool for the Joomla Installer.
- Items associations in multi-language
- Allow different update packages for different version dev levels
What security issues have been fixed in Joomla! 3.1?
- Moderate Priority – Core – XSS Vulnerability. More information »
- Moderate Priority – Core – DOS Vulnerability. More information »
- Low Priority – Core – XSS Vulnerability. More information »
- Low Priority – Core – Information Disclosure. More information »
- Low Priority – Core – XSS Vulnerability. More information »
- Low Priority – Core – Privilege Escalation. More information »
- Low Priority – Core – XSS Vulnerability. More information »
What bugs have been fixed in Joomla! 3.1?
There are a whopping 242 bug fixes for Joomla 3.1. Because of the large number of fixes, we have listed them separately on the following page:
http://developer.joomla.org/version-3-1-0-release-notes.html
How can I update from Joomla! 3.0 to 3.1?
Joomla 3.0 to 3.1 is a one-click upgrade with backward compatibility and is NOT a migration. The same is true for any subsequent versions in the Joomla 3 series. Thus, if you’re running a Joomla 3.0 site, please use the one-click upgrade within the Joomla! Update component to move to Joomla 3.1 and get the new features and the latest bug fixes.
What is the status of Joomla! 2.5?
Version 2.5 of the Joomla! CMS is a Long Term Support release and support for it will continue until shortly after the release of Joomla 3.5 scheduled for Spring 2014. Joomla 2.5 users do not need to migrate to Joomla 3.1.
Will I be able to update directly to Joomla! 3 from Joomla! 2.5?
Moving to Joomla 3.x from Joomla 2.5 will be a mini-migration not an upgrade, although for the core of Joomla! the migration should be simple. However, it is likely that templates for Joomla 2.5 will need modification to work with Joomla 3 as will many extensions. Always test prior to migrating and consult with the developers of any extensions and templates you use.
What is the status of Joomla! 1.5?
Support for Joomla 1.5 ended in April of 2012 and we continued to support it unofficially until the end of 2012 for medium to high priority security issues.
Does that mean your 1.5 site will suddenly stop working? No, your site will continue to work as it always has. However, Joomla’s developers will not be releasing new versions for Joomla 1.5, so you won’t be getting bug fixes or security fixes. For this reason, it’s recommended to migrate from 1.5.
Moving from 2.5 to any Joomla 3 version is relatively simple, since Joomla has made the process easy for newer versions. Unfortunately, moving from 1.5 is not a trivial task. Fortunately, there are two good extensions that make the process easier: jUpgrade and SPUpgrade.
You have a choice of going straight to Joomla 3.0 or going to 2.5 first. Both jUpgrade and SPUpgrade have releases ready for both versions. Please consult their documentation on how to migrate from Joomla 1.5 to 3.0/2.5.
For most new/migrated sites, the Joomla! 3 series is the preferred series and starting on it avoids a mini-migration from Joomla 2.5 later down the road. Starting on the Joomla 3 series for a new/migrated site also provides you with longer backward compatible support (with one-click upgrades) than starting a new site on 2.5 right now, because support for 3.x ends in 2016.
Joomla! Bug Squad
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the Joomla! CMS Issue Tracker.
Active members of the Joomla Bug Squad during past 3 months include: Akarawuth Tamrareang, Aleksander Linkov, Alonzo Turner, Andrea Tarr, Andrew Matthew, Angelika Reisiger, Artur Alves, Arunas Mazeika, Ashan Fernando, Ashwin Date, Ben Tasker, Benjamin Trenkle, Brian Teeman, Chad Windnagle, Chris Smith, Constantin Romankiewicz, David Hurley, Dennis Hermacki, Don Gilbert, Edgars Piruška, Elijah Madden, Elin Waring, Emerson Rocha Luiz, George Wilson, Harald Leithner, Jacques Rentzke, Janich Rasmussen, Javier Gómez, Jean-Marie Simonet, Jon Neubauer, Julien Vonthron, Jurian Even, Kevin Griffiths, Khai Vu Dinh, Lu Nguyen, marco dings, Marijke Stuivenberg, Mark Dexter, Michael Babker, Mihàly Marti, Mihir Chhatre, Mike Biolsi, Nick Savov, Ofer Cohen, Parth Lawate, Patrick Alt, Peter van Westen, Piotr Konieczny, Ram Tripathi, Richard McDaniel, Robert Deutz, Robert Gastaud, Roberto Segura, Roland Dalmulder, Ruth Cheesley, sajal soni, Seth Warburton, Stefania Gaianigo, Tessa Mero, Thomas Hunziker, Thomas Jackson, Tobias Zulauf, Tom Hutchison, Valentin Despa, Yannick Gaultier.
Bug Squad Leadership: Mark Dexter and Nick Savov, Co-Coordinators. Super-star contributors and leaders by example: Jean-Marie Simonet, Elin Waring, David Hurley, and Brian Teeman.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla secure. Members include: Airton Torres, Alan Langford, Andrea Tarr, Bill Richardson, David Hurley, Elin Waring, Gary Brooks, Jason Kendall, Jean-Marie Simonet, Marijke Stuivenberg, Mark Boos, Mark Dexter, Michael Babker, Nick Savov, Pushapraj Sharma, Rouven Weßling.
This release is the result of thousands of hours of work by dozens of volunteers. Thank you so very much for making Joomla the best CMS on the planet!
How can you help Joomla! development?
There are a variety of ways in which you can get actively involved with Joomla! It doesn’t matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager, David Hurley, [email protected], to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.
The Joomla Bug Squad is one of the most active teams in the Joomla development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla, and also a great way to meet new people from all around the world.
If you are interested, please read about us on the Joomla Wiki and, if you wish to join, email Mark Dexter, one of the Bug Squad co-coordinators.
You can also help Joomla development by thanking those involved in the many areas of the process. The project also wants to thank all of the people who have taken the time to prepare and submit work to be included in Joomla 1.6, 1.7, 2.5, 3.0, and 3.1, and to those who have worked very hard on the Joomla Framework.
Debian: 2663-1: tinc: stack based buffer overflow
(Apr 22) Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon. When packets are forwarded via TCP, packet length is not checked against [More…]
The Joomla Project is pleased to announce the immediate availability of Joomla 2.5.10. This is a security release. The Production Leadership Team’s goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
The update process is very simple, and complete instructions are available here. Note that there are now easier and better ways of updating than copying the files with FTP.
Download
New Installations: Click here to download Joomla 2.5.10 (Full package) »
Update Package: Click here to download Joomla 2.5.10 (Update package) »
Note: Please read the update instructions before updating.
Instructions
Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.
Please note that you should always back up your site before upgrading.
Release Notes
Check the Joomla 2.5.10 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Statistics for the 2.5.10 release period
- Joomla 2.5.10 contains:
- 7 security issues fixed
- 38 tracker issues fixed
All 2.5 Help Screens Now Complete!
Thanks to heroic efforts by George Wilson and Tom Hutchison, we are pleased to announce that the online help screens for version 2.5 are 100% complete. If you have corrections or improvements to these screens, just register on the Wiki at docs.joomla.org and start editing.
Security Issues Fixed
- Moderate Priority – Core – XSS Vulnerability. More information »
- Moderate Priority – Core – DOS Vulnerability. More information »
- Low Priority – Core – XSS Vulnerability. More information »
- Low Priority – Core – Information Disclosure. More information »
- Low Priority – Core – XSS Vulnerability. More information »
- Low Priority – Core – Privilege Escalation. More information »
- Low Priority – Core – XSS Vulnerability. More information »
Tracker Issues Fixed
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Denial of service vulnerability
- Reported Date: 2013-February-18
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3242
Description
Object unserialize method leads to possible denial of service vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
[20130401] – Core – Privilege Escalation
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Privilege Escalation
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3056
Description
Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-15
- Fixed Date: 2013-April-24
- CVE Number: None
Description
Use of old version of Flash-based file uploader leads to XSS vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
[20130402] – Core – Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Information Disclosure
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3057
Description
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-March-9
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3058
Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-26
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3059
Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
In honor of the upcoming 10th anniversary celebrations, we’ve put a special 10th anniversary tshirt in the swag store at cost — $10 per shirt plus shipping. They’ll be on sale at this price until the anniversary on May 27, and they’ll start shipping out the week of April 29. Some people who are planning […]
Debian: 2660-1: curl: exposure of sensitive infor
(Apr 20) Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that [More…]
MailEnable mail server critical security update
MailEnable has released critical updates to the following versions: 3, 4, 5, 6 and 7.
MailEnable recommends installing this security update on all production systems.
Please check http://www.mailenable.com/rss/article.asp?Source=RSSADMIN&ID=SECURITYUPDATE20130422 for more details and update instructions.