Joomla! 1.5.7 has been released

Joomla! 1.5.7 has been released over at www.Joomla.org

Joomla 1.5.7 addresses several SECURITY issues reported and is now fixed in Joomla 1.5.7

If you are running any other Joomla 1.5.x version you MUST UPGRADE to Joomla 1.5.7 or your site can and probably will be compromised, or used as a spam engine!

See bug http://www.virtualmin.com/bugs/index.php?do=details&task_id=4555

this is very important, because this morning at 04.29 local time apparently someone had changed my admin password and blocked the login for the second admin.

I upgraded and replaced the database with yesterdays backup.
All is well now and no further damage has been done past 12 hours.

there is a critical bug (0-day) in the older versions

We’ll roll out a 3.61-2 update today with this fix (and the Wordpress security update, as well).

Today is tomorrow I know how it goes; I checked for updates; still show 3.61(pro) didn’t show -1?

Can you make a link available for the Joomla 1.5.7?

Thanks; you guys Rock!

Jeff

Is 3.61-2 on the way?

(And ps. VM2 now that i write here anyways)

the patch for joomla or full dl cab be obtained here:
http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html

this can’t wait really as a blackhat guy had gained entrance to one of my domains.

If you read my bug report you will find a answer…

http://www.virtualmin.com/bugs/index.php?do=details&task_id=4555

I usually don’t post them for funzies.

If we upgrade using the Joomla patch VM will not show the update; my question is; when it becomes available and if we apply it so VM is right; will it work right. I’m just not sure about patching if manually at this point; but I can’t wait for someone to hack my sites either.

VM WILL show the update – seriously people I will not lead you astray here. Just do it and stop complaining about this.

Links are there for a reason when I post them :slight_smile: It cuts down on repeating exactly what you did.

Two of my sites got owned and both were defaced, one had a malicious javascript added to the template index. Fortunately the Joomla passwords were not the same as the server passwords.

Wiped both Joomla installs, installed 1.5.6 and patched to 1.5.7, all good so far.

Guess I should thank the invaders for merely defacing the sites, they could have been clever instead and turned the scripts to their advantages by installing some custom modules. Something like that could go unnoticed for a long time.

On a side note, I have noticed some unusual requests in Awstats 404 section relating to Joomla, and quite a few referrers coming from Google "Powered by Joomla".

People are going nuts with whatever new exploit is out. If you use Joomla you should patch yourself with the quickness.

We rolled out 3.61-2 with Joomla 1.5.7 (and the Wordpress security update) several days ago. In this case, there’s need to manually patch–just stay on top of updates via the Virtualmin Package Updates module.

Sorry I didn’t read the posted link; now I understand; yes it worked great; Thanks.

Just for others;
Edit your joomla.pl

/usr/share/webmin/virtual-server/scripts/joomla.pl
or like mine
/usr/libexec/webmin/virtual-server/scripts/joomla.pl

Line 22:
return ( "1.5.7", "1.0.15" );

Line 142:
"http://joomlacode.org/gf/download/frsrelease/8376/30992/Joomla_$ver-Stable-Full_Package.tar.gz" } );

I guess we don’t need to ask for an update; we can just edit it ourself if we need too.

Jeff

Sorry I didn’t read the posted link; now I understand; yes it worked great; Thanks.

Just for others;
Edit your joomla.pl

/usr/share/webmin/virtual-server/scripts/joomla.pl
or like mine
/usr/libexec/webmin/virtual-server/scripts/joomla.pl

Line 22:
return ( "1.5.7", "1.0.15" );

Line 142:
"http://joomlacode.org/gf/download/frsrelease/8376/30992/Joomla_$ver-Stable-Full_Package.tar.gz" } );

I guess we don’t need to ask for an update; we can just edit it ourself if we need too.

Jeff