Joomla! 3.4.7 is now available - it's an another security release of the Joomla 3.x series that address a critical security vulnerability.
This release only contains the reported security fixes and additional security hardening of the UploadShield sytem (MySQLi driver).
No other changes have been made compared to the Joomla 3.4.6 release.
Since the recent Joomla update it has become clear that the root cause is a bug in PHP itself. But the only sites affected by this bug are those hosted on vulnerable PHP versions. This release fixes the bug across all supported PHP versions.
It is very important to update the current version of Joomla immediately. Without the update your site is open to being hacked!
If you're using Joomla 3 - update it to version 3.4.7 immediately.
Joomla 1.5 or 2.5 - you need to update one file in order to make it secure.
The file to be patched is located in:
Read how to patch Joomla 1.5 and 2.5:
- You can upload the .zip file to the root of your Joomla installation and then extract it directly there. The full path is in the .zip package.
- Alternatively you can:
- extract the Joomla 1.5 or Joomla 2.5 patch on your disk (links are provided above in this post)
- login to your ftp server and navigate where Joomla is located
- browse to the /libraries/joomla/sessions/ folder
- replace your current session.php file with the new session.php file you extracted from the .zip.
If you have any questions or thoughts leave a comment!