Joomla! 1.6 update closes security holes
The Joomla! developers have released version 1.6.4 of their open source content management system (CMS), a maintenance and security update to the 1.6 branch. The latest version addresses a total of four security vulnerabilities.
The vulnerabilities include two medium priority cross-site scripting (XSS) issues, a medium priority problem related to inadequate permission checking that could allow for unauthorised access, and a low priority information disclosure hole caused by inadequate filtering. Versions up to and including 1.6.3 are reportedly affected. All users are advised to update as soon as possible.
Joomla! is a widely used and easily deployed PHP-based CMS, which can be used to create anything from small web sites to corporate sites and large online applications. Examples of how it is being used can be found in the Community Showcase.
Further details about the update can be found in the official release announcement. Joomla! 1.6.4 is available to download from the project's web site and is released under the GNU General Public License. The Joomla! Project is sponsored by Open Source Matters, Inc., a non-profit organisation.
-  - XSS Vulnerabilities, Joomla! security advisory.
-  - Information Disclosure, Joomla! security advisory.
-  - Unauthorised Access, Joomla! security advisory.
-  - XSS Vulnerability, Joomla! security advisory.