Security Update to Joomla 2.5.15

Make sure to update your Joomla site as soon as possible.

his is a security release addressing three security issues. The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.

The update process is very simple, and complete instructions are available here. Note that there are now easier and better ways of updating than copying the files with FTP.

Download

New Installations: Click here to download Joomla 2.5.15 (Full package) »

Update Package: Click here to download Joomla 2.5.15 (Update package) »

Note: Please read the update instructions before updating.

Instructions

Joomla! 3.2.0 Released

Joomla has released it newest version of Joomla 3.2.0 Stable today.   You can download it here:

 

New Installations: Click here to download Joomla 3.2.0 (Full package) »

Update Package: Click here to download Joomla 3.1.x to 3.2.0 (Update package) »

 

Joomla 3 is the latest major release of the Joomla CMS, with Joomla 3.2 the third minor release in this series. The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.

A big thank you goes out to everyone that contributed to Joomla 3.2! Joomla 3.2 is our largest release ever, in terms of bug fixes and new features. Since the release of 3.1.5, over 1085 commits have been made to the code base with 50 different people contributing to commits (not including testers and other non-coding activities). And best of all is that the new features are awesome!

Joomla 3 is the latest major release of the Joomla CMS, with Joomla 3.2 the third standard-term support release in this series. Please note that going from Joomla 3.1 to 3.2 is a one-click upgrade and is NOT a migration. The same is true is for any subsequent versions in the Joomla 3 series.

 

Security improvements for Joomla - Move your Configuration file outsite the public files

This is a core hack. Files you change as described on this page will be overwritten during updates of Joomla!
This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file. The first step is to move the file. If you use a host with cPanel, then your webroot is /home/USERNAME/public_html, where USERNAME is your cPanel username. (The tip is easy to adapt to other hosting environments too, ask us, if you don't know, how!) Joomla can access files located at /home/USERNAME, but those files cannot be directly accessed from the Internet. Login to your favorite FTP program and download your configuration.php from /home/USERNAME/public_html/configuration.php . Rename it to 'site.conf' then upload it to /home/USERNAME/site.conf. Now that we've uploaded it to the new location we need to edit the original configuration.php file. Open it in your favorite text editor and replace the contents of the file with the following:
		 require( '/home/USERNAME/site.conf' ); ?>
Make sure to replace USERNAME with your cPanel username. Then upload the new file to /home/USERNAME/public_html/configuration.php. At this point your site should still function normally. Next, we need to make the file unwritable by the server. Most FTP programs allow you to do this. Right-click on the /home/USERNAME/site.conf file and select the option to edit permissions (normally 'Permissions' or 'Info') andlets the server read the file without any problems, but it will not be able to edit the file. If you ever need to edit the file you will need to change the permissions back to 644 before making your changes. In Joomla 1.5 and newer you can do other things to archive the same result.

Joomla 1.5

  • Create a directory in your domain outside of your public_html directory. You can name it anything you want but it should reflect the site name in some way. We used the name design2-files for the directory name in this example. Note: If you have multiple Joomla installs then each Joomla install you have should have its own directory outside of public_html to contain its configuration.php file.
  • Place a copy of your current configuration.php file, completely unaltered and NOT renamed into this directory. I have permissions set at 644 on the file in this directory and the directory set to 755 permissions. Permissions of 444 on the configuration.php file are also acceptable if that is the current permissions of your configuration.php file.
  • Go to the root/includes/ directory in your Joomla install, backup the file defines.php.
  • Now open the file defines.php in your favorite editor
  • Around line 26 you will see this:
    define('JPATH_CONFIGURATION',JPATH_ROOT);
    Replace it with this:
    define('JPATH_CONFIGURATION',JPATH_ROOT.DS.'../design2-files');
    If Joomla has been installed in a subdirectory under public_html ( public_html/subdirectory/ ) then replace it with this
    define('JPATH_CONFIGURATION',JPATH_ROOT.DS.'../../'.DS.'design2-files');
    The /design2-files is our example subdirectory. Replace this with the name of your subdirectory.
  • Repeat these exact same steps with the defines.php file that is located in the root/administrator/includes/ directory. If you don't do this access to your admin area will be prevented.
  • Go to the root of your installation and rename the configuration.php file to something like somefile.html while testing the modifications.
  • Using a browser, go to your website and test as many pages as you can to make certain it is working correctly.
  • When you are satisfied everything is working properly, delete the old renamed configuration.php file from the root of your Joomla installation.
  • Retest your website thoroughly to make sure everything is still working correctly.
  • Make sure you add the new directory (design2-files in our example) with the configuration.php file in it to your backup job so it doesn't get missed.
  • You can access and modify the Joomla configuration as you would normally from the Joomla administration area. This access will not create a new configuration.php file, but will modify the moved configuration.php file.

Joomla 1.6, 1.7

Overriding defines.php

Starting with version 1.6, it is possible to provide a localized version of the files that reside in includes/defines.php (i.e. includes/defines.php and administrator/includes/defines.php). This makes it possible to move a variety of files outside of document root. The actual process is quite simple, but it is advisable that you make sure you know what you're doing before proceeding. To start, copy the file {ROOT}/includes/defines.php to {ROOT}/defines.php and the file {ROOT}/administrator/includes/defines.php to {ROOT}/administrator/defines.php. Once you have copied the files, it is necessary to edit both new files and add the lines:
define('_JDEFINES', 1);
define('JPATH_BASE', dirname(__FILE__));
underneath the defined('_JEXEC') or die; line.

Setting the path to configuration.php

Now that you have created override files, you can edit them and provide new locations for various directories. The directory we're interested in is JPATH_CONFIGURATION. The default value is defined as:
define('JPATH_CONFIGURATION', JPATH_ROOT);
  To put the configuration file in another location, move the file to its new home and specify the new path. As an example, if your files were in /home/exampleuser/public_html and you wanted to put configuration.php in /home/exampleuser/configuration.php, you would change the JPATH_CONFIGURATION define line to:
define('JPATH_CONFIGURATION', '/home/exampleuser');
Make this change in both files, move the configuration.php file and you're done.

Joomla 2.5.9 Released

http://www.joomla.org/announcements/release-news/5477-joomla-2-5-9-released.html Update your Joomla system today.

Site Search

Contact Us

 
 
 
Parent Technology Inc.
1535 Rosalind Rd Se
East Grand Rapids, MI 49506, USA
 
 

This email address is being protected from spambots. You need JavaScript enabled to view it.