The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.8 [Wohnaiki]. This release contains a number of bug fixes and two moderate-level security fixes. It has been around two months since Joomla 1.5.7 was released on September 9, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community. 

Download

Click here to download Joomla 1.5.8 (Full package) »

Click here to find an update package. »

Instructions

• New installation and technical requirements
• Upgrade from an existing Joomla 1.5 version
• Migration from Joomla! 1.0.x

Want to test drive Joomla? Try the online demo. Documentation is available for beginners.

Release Notes

View past release notes for Joomla 1.5.7 or release notes for Joomla 1.5.6.

Security

• Two moderate-level security issues were fixed in this release:
  
  • Default filtering for content
  • Filtering for Web Link descriptions

Components

• Articles: Remove brackets around Last Updated date and time, Start Publishing date corrections for other than UTC 00:00, hit counts correct for Articles, adding a space after a cloaked email address
• E-mail addresses: Correctly cloaked when presented in Section and Category descriptions
• Categories: Edit icon correctly shows for Articles without Title links, Print icon correct now on first page for Blog Layout
• Sections: Plural and singular form correction, Category link properly ended, Router changes reverted to version 1.5.6 so Article ID does not append to the Article slug
• Frontpage: Article assignment correction, corrected number of Links
• Contacts: Image display correction when Image Directory is configured
• RSS Feed: Corrected spelling of Category in Category feed
• User: Added isInternal checking on referer values
• Weblinks: Language strings

Modules

• Feed: Target attribute validation, language string correction
• Login: ItemID is preserved on redirect
• Menu: Changing Menu Link Type now functions properly, Section Language string, Article Reset button working
• Related Items: Keyword matching functions correctly and filters characters appropriately
• Stats: Corrected Time
• Sections: No authorization parameter works correctly
• Search: Form validates correctly for Transitional xHTML

Legacy

• Return statement added for Legacy Menu Check

Templates

• Beez: Lengthened E-mail Content Popup, Search button now works when pressed, password reset works correctly, corrections to Beez HTML folders, User details page corrected
• JA_Purity: Added missing language strings

Administrator

• Console: Added "Welcome to Joomla!" information and Joomla Security RSS feeds to Administrator Console
• Installation: Proper deletion of component directories, default entries for Templates and Languages are now correct for uninstall
• Media Manager: Changed default for new sites to disable Flash multi-file uploader due to incompatibility with Flash 10
• Installation: Remove confusing error message about language files for extension installations, Administrator Modules now correctly uninstall INI files
• Sample data: Updated news feeds to point to free software community sites, extensive corrections and updates to sample content

System

• API: JFolder::files and JFolder::folders corrections for Search, missing Method added to JRecordSet, Database Class correctly quotes names not using dot notation, JTableUser matches using the correct number of fields
• Cache: Correct undefined variable in Cache Class
• Language file: Corrected wording, correct installation of PDF fonts independent of language choices, several language string corrections in en-GB.ini
• Menu: Performance improvements for sites with many menu items
• Users: Temporary Users are now able to logout, secure protocol can now be used when editing account details
• Added PHP 4 compatibility for isInternal checking

Statistics

Statistics for the 1.5.8 release period:

• Joomla 1.5.8 contains:
  • 71 issues fixed in SVN
  • 26 commits
• Tracker activity resulted in a net decrease of 4 active issues:
  • 65 new reports
  • 130 closed
  • 66 fixed in SVN
• At the time the 1.5.8 release was packaged, the tracker had 114 active issues:
  • 44 open
  • 44 confirmed
  • 24 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug with Joomla, find out more information here on how to report the bug.

Active members of the Joomla Bug Squad during this last release cycle include: Ian MacLennan and Mark Dexter co-leads; Airton Torres, Arno Zijlstra, Akarawuth Tamrareang, Alan Langford, Anthony Ferrara, Amy Stephen, Andrew Eddie, Elin Waring, Ercan Ozkaya, Charl van Niekerk, Gergo Erdosi, Hannes Papenberg, Jennifer Marriott, Jens-Christian Skibakk, Jonah Braun, Joseph LeBlanc, Kevin Devine, Marijke Stuivenberg, Mati Kochen, Mickael Maison, Robin Muilwijk, Samuel Moffatt, Shantanu Bala, Toby Patterson, and Wilco Jansen.

A warm welcome to the newest members of the Joomla Bug Squad: Dan Walker, Eduardo Diaz, and Tibor Toth.

Each year Packt Publishing opens the voting booths for users everywhere to cast votes for the best content management system. There are a number of very qualified contenders in each of the categories including CMS Made Simple, Plone, and Drupal. This year, Joomla took the runner-up prize in the categories of Best Overall Open Source CMS Award and the Best PHP Open Source CMS (tied with CMS Made Simple). This results in a total prize winnings of $3500 to the Joomla Project.

Even though Joomla has taken home several Packt Awards in the past, Joomla Core Team member Andrew Eddie asserted, "This has made me more determined to do better next year."

Also, Joomla developer Johan Janssens was awarded the Open Source MVP 2008 prize, a new category in this year's awards, for his outstanding contributions to Joomla.

We at the Joomla Project would like to thank all of our wonderful users to voting for us and a big congratulations goes to Drupal for taking first place in the Best Overall Open Source CMS Award category. We also want to congratulate all the other winners.

Joomla Core Team member Brad Baker summed it up, "The future is bright for open source content management systems like Drupal and Joomla, whichever you use."

You may have noticed the Joomla Shop recently got a facelift to match the new Joomla.org front page design. Now, to really perk it up we've added new items too.

When your house doesn't seem to have enough official Joomla merchandise, the Joomla Shop has you covered. Expanding the offerings of the shop are three cool new products, guaranteed to make you the envy of open source enthusiasts everywhere.

Autumn is coming, and with it the brisk weather and need for an awesome Joomla-embroidered lightweight jacket. The Men's R-Tek Fleece Jacket is made from recycled material so it's both stylish and eco-friendly.

For those Joomla supporters who need to lug books, a computer, files, and more around, look no further than the new urban backpack. The Joomla Urban Backpack has a padded computer case, MP3 player pouch and chest/waist straps to make it useful on hikes. And, of course, it also has the beautiful Joomla logo embroidered on the front.

Women do Joomla too, and the shop hasn't forgotten that. Adding to the fall outerwear options is the Women's Soft Touch Hoodie. This hoodie is made from Pima cotton, and due to its infusion of Modal fibers it's luxuriously soft.

Support Joomla by patronizing the shop, and get some great stuff in return.

The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.7 [Wovusani]. This is a security release and contains a number of bug fixes, improvements as well as security fixes. It is strongly recommended that users immediately upgrade. It has been nearly four weeks since Joomla 1.5.6 was released on August 12, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

Instructions

• New installation
• Upgrade from an existing Joomla 1.5 version
• Migration from Joomla! 1.0.x

Click here to download Joomla 1.5.7 (Full package) »

Click here to find an update package. »

Want to test drive Joomla? Try the online demo. Documentation is available for beginners.

Release Notes

Security

• Several security issues were fixed in this release. There was 1 critical, 1 major and 2 moderate security vulnerabilities fixed in 1.5.7. For more information, visit the Security Center.

Articles

• com_content: Metadata handling; Alias not copied for Articles
• String Escaping: External links; Titles; Alt tags missing on images
• Blog Layout: Article Page break; new Left-to-Right option; Breadcrumbs; Archive Intro Text formatting issues; Section Blog Article links
• Submit Article: Article Order Drop-Down List on Front End Shows Archived and Trashed Articles; Preview edited Article does not use Template Editor.css
• RSS Feed: Publish Date fix; External URLs rendering incorrectly
• SEO: Index and Follow Meta Tag for Print View

Modules

• Show_noauth problem; Module Deletion after uninstall; Colspan in mod_latest; Copy Newsflash Module
• Name and Username in mod_login; Menu item is locked after closing
• Search: Textfield Width Parameter; Show Search Results option; Category Search

Legacy

• Menu Access Rights Corrections; Menu Separator shows as Link

Templates

• Beez: Contact Image; Typo in Attribute value; Newsflash Article URL
• ja_purity: e-Mail and Print Button files; Default Article Layout does not display Edit Icon for Authors; Site Logo Text goes under Header background; Top menu
• UPDATE (Sept. 10, 2008): New function countMenuChildren() added for hiding empty split menus

Administrator

• $row is not Initialized
• Help: Latest Version check; Help Key Reference Update for Modules: New Screen
• Configuration: Time Zone correction
• Media Manager: Base path missing slashes
• Sample Content: Outdated Links in "Welcome to Joomla", Newsfeed Fixes, several updated articles and statistics
• Installation: Remove confusing error message about language files for extension installations

System

• IIS 6 and IIS 7: JRoute::_() and Application Redirect() fixes
• Parameter Types: SQL, Textarea for Templates
• E-mail: JMail class ignores JConfig.sendmail path for sendmail; Incorrect SEF URLs for outgoing recommendation e-mails
• API: JHTMLSelect fix; queryBatch logging in debug mode; JSite::getParams(); strpos(); setMetadata creates duplicate meta tags; $row is not initialized
• XML-RPC client ID is too high; Profiling J1.5 framework; $row is not initialized
• Cache: JCacheStorageFile::gc flawed logic in cache expiry; Clean Cache file with Cache Manager

UPDATE (Sept. 12, 2008): For FAQs about this release, see http://docs.joomla.org/Category:Version_1.5.7_FAQ

As announced earlier, Joomla was nominated for the Packt Publishing Best Overall Open Source CMS and Best PHP Open Source CMS awards. Thanks to our awesome community support, we're finalists in two categories. Voting for the final round has begun and we need all the help we can get.

This is the time to show your support for your favorite CMS. Click here to vote for Joomla for the Best Overall Open Source CMS and then click here to vote for Joomla as the Best PHP Open Source CMS. You can vote in both categories.

Help us spread the word about Joomla by using the banners below on your Web site. Choose the size that fits best and add one of the following links:

Vote for the Best Overall Open Source CMS

http://www.packtpub.com/article/overall-open-source-cms-award-final-joomla

Vote for the Best PHP Open Source CMS

http://www.packtpub.com/article/best-php-open-source-cms-award-final-joomla

Happy third birthday, Joomla!

The Joomla Project is pleased to introduce a new team focused solely on managing and improving Joomla security?the Joomla Security Strike Team?and their new home at the Joomla Security Center.

The JSST replaces the previous Joomla Security Team by assembling a top-notch group of Joomla experts, complemented by security talent recruited from outside Joomla. Together, part of their goal is to investigate and respond to security matters.

JSST leader Anthony Ferrara is excited about what this means for Joomla security. "We're already well into our first mission?a low-level code audit and a deeper look into every reported vulnerability since 1.5.0 alpha."

The new JSST will call the new Joomla Security Center their home base. The Security Center provides a public presence for security issues and a platform for the JSST to help the general public better understand security and how it relates to Joomla. The Security Center also offers users a clearer understanding of how security issues are handled. There's also a news feed, which provides subscribers an up-to-the-minute notification of security issues as they arise.

"The Joomla Core Team has been planning a new security team for a few months now in order to improve efficiency and effectiveness. The previous team worked in relative isolation, but the new Strike Team will have a strong public-facing presence," said Ferrara.

But the JSST won't stop there. They fully expect the Joomla community to do its part in reporting vulnerabilities and have created a form for such reports. For each verified security issue reported, the JSST will send the user a free Joomla t-shirt.

Ferrara said, "Security is a perpetual process. We're going to make Joomla even better than it already is."

1. More user-centric design: The top portion of the home page focuses on directing users in Joomla's three primary user groups: Beginner, Intermediate & Advanced. These are three top-level "funnels" for quickly getting users to relevant content.
2. Consolidation of resources: As the previous sites grew, the architecture became more convoluted and pages with redundant resources were created or, conversely, related information was strewn across several pages. A consolidation of information should help users more logically find what they need.
3. More resources brought up to the home page: The previous home page gave users Joomla news and not much more. The lower portion of the new home page brings forward content from many of Joomla's most important aspects. Repeat visitors can get the latest information from a multitude of sources all at a glance.
4. More overall integration: Each of the Joomla sites has differing approaches to resolving unique informational and navigational aspects. When taking into consideration the evolution and overall growth of our group of sites, we have taken a hard look of the complexities and how to resolve those in a manner to give the best user experience.
5. Compliance with W3 standards: Joomla template pages validate according to the XHTML 1.0 Transitional standard. Check it out.

1. Joomla Shop at shop.joomla.org - Update planned by next week.
2. Joomla Demo at demo.joomla.org - Update planned by next week.
3. Joomla Community Portal at community.joomla.org - Coming soon.
4. Joomla Developer Network at developer.joomla.org - Coming soon.
5. Joomla Extensions Directory at extensions.joomla.org - Coming soon.
6. Joomla Discussion Forums at forum.joomla.org - Coming soon.
7. Joomla Documentation Wiki at docs.joomla.org - Coming soon.

The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

For more information about this exploit, click here to visit the Joomla Security Blog.

Instructions

• New installation
• Upgrade from an existing Joomla! 1.5 version
• Migration from Joomla! 1.0.x
• See below for manual installation instructions

Download the Joomla 1.5.6 full package now

Download update packages

Release Notes

• SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.

Manual Installation

Download the Joomla! 1.5.6 Security Patch changed files only

For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:

		components/com_user/models/reset.php
		changelog.php
		includes/framework.php
		administrator/includes/framework.php
		libraries/joomla/version.php
		libraries/joomla/environment/uri.php

This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.