Joomla 2.5.8 and 3.0.2 Released (Security Updates)

Joomla 2.5.8 and 3.0.2 were just released today fixing a medium severity security bug related to a clickjacking/XSS vulnerability. You can find more details on their release notes:

If you are not familiar with ClickJacking, Wikipedia explains it well:

Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.

And remember, the leading cause for website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sucuri SiteCheck was also updated to alert users not running version 2.5.8/3.0.2 on their Joomla sites.

10 comments

Marvin the Martian says:
November 9, 2012 at 10:42 pm
Logging in as admin, my ‘update’ icon first thinks 1-2sec then shows a tickmark ‘up to date’. Clicking it, it says [copypasta:] “Joomla! Update
No updates available
You already have the latest Joomla! version, 2.5.7.”
So what am I doing wrong?
1. bay area jenn says:
  November 10, 2012 at 3:49 pm
  hover over components and click on “joomla update” – what happens then?
hopy says:
May 3, 2013 at 6:10 am
I are upgrading, hope new version will run better
Y8 says:
May 12, 2013 at 4:15 pm
Many people assume there is nothing to writing a piece of writing, however they’re not professionals.
Friv 4 says:
May 12, 2013 at 5:07 pm
This article was therefore smart. It undoubtedly shows that you just spent plenty of your time in analysis to provide such a fine article. Thank you.
Friv 3 says:
May 12, 2013 at 6:00 pm
I’ve browse plenty of on-line articles on this subject of late. Yours is that the only 1 that basically created sense to ME. Thanks a bunch.
Yepi Friv says:
May 13, 2013 at 4:36 pm
I got so involved in your article that i couldn’t even produce myself
quit reading. thanks for producing such nice quality work.
Friv 2 says:
June 8, 2013 at 9:42 pm
Thanks for let me know it. It is very helpful
Minecraft Jugar says:
September 7, 2013 at 10:32 pm
Right on! And remember, the leading cause for website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe.
Para Friv says:
October 1, 2013 at 2:02 pm
Right on! And remember, the leading cause for website compromises is outdated software
Thanks for let me know it. It is very helpful