Although this release contains several security fixes, as they are
of a low level nature, this release is still being characterized as a
Stability Release. If you are running a version of Joomla! older than
1.0.11, you should upgrade immediately to at least Joomla! 1.0.11 as
that release addressed several important security issues. If you are
using Joomla! 1.0.11, we recommend that you upgrade to 1.0.12 as it
addresses several long standing bugs and several low level security

We are also pleased to announce the creation of a new Security Announcements Forum.
As the name suggests, this forum will be used for security
announcements for the Joomla! core and third party extensions. We
strongly encourage all users to subscribe
to this forum to ensure that they receive notification of important
security issues as soon as possible. We also encourage you to do the same
for all third-party extensions you use, where available.

1.0.12 is available as a Full Package,
which contains all Joomla! files, or as Patch Packages, which contain only
the files that have changed since a previous Joomla! 1.0.x version.

A More Secure Joomla!
security is getting consistently better. We have dedicated many hours
to ensuring that Joomla! is as secure as it can be. To do this, we
have adopted a two sided approach that includes automated security
tools and manual auditing and revision. For this release, we conducted
a complete audit of all SQL queries, reviewed many aspects of our login
and authentication systems, and conducted several automated scans in
order to make this Joomla! release as secure as possible.

SSL Switchover Support
1.0.12 has reintroduced SSL switchover support. If your website is
set up to serve the same files via HTTP or HTTPS you will now be able to
create SSL secured logins, easily switch between secure and insecure
navigation and do all of your administrative tasks via an SSL protected
connection. A FAQ on how to set up these features will be available
soon in the Security FAQs section of the Joomla! forums.

Joomla! Version Warning
The version warning system that was added in Joomla! 1.0.11 has been
removed from Joomla! 1.0.12. This version of Joomla! is intended to be
the last release in the 1.0.x series. The 1.0.x series is now in security
mode which means that we will not be releasing any more stability
updates. There will only be another version in this series if a
critical security vulnerability is discovered.

Extension Installer Warning
It is essential that you take a moment after updating the core to check if
your extensions are up to date, and update them if a newer version is
Often newer versions address not only bugs but
security issues as well. You can do this by looking in the components,
modules and mambots installer pages, which display a URL to the
homepage of the authors, or by checking on extensions.joomla.org.

In order to better educate our users about the security risks that can
arise from installing insecure extensions, we have added a warning
message at the top of the extension installers. Please remember, 3rd
party extensions must be kept up to date just like Joomla! and updating
your Joomla! installation(s) will not update the 3rd party extensions
installed on your sites.

For a list of extensions that have known security issues, please see the List of Vulnerable 3rd Party Extensions.