FW: [joomlaug] Critical security update Joomla 2.5.3 just released
21 views
Skip to first unread message
Barbara Heinlein
Mar 16, 2012, 1:46:15 PM3/16/12
to omaha-jooml...@googlegroups.com
Hi everyone,
As I mentioned at our last session, I am on the New England Joomla group distribution list. I have learned a lot reading their emails. This one seems to be extra important, so I thought I would pass it on to our group.
Hazza/Ken — Comments? Have you heard what is driving this release?
Regards,
Barb Heinlein
Phone: (703) 986 8726 // (402) 804 8980
From: Andrea Tarr at Tarr Consulting <at...@tarrconsulting.com>
Reply-To: <joom...@googlegroups.com>
Date: Thu, 15 Mar 2012 09:43:49 -0400
To: Joomlaug <joom...@googlegroups.com>
Subject: [joomlaug] Critical security update Joomla 2.5.3 just released
Reply-To: <joom...@googlegroups.com>
Date: Thu, 15 Mar 2012 09:43:49 -0400
To: Joomlaug <joom...@googlegroups.com>
Subject: [joomlaug] Critical security update Joomla 2.5.3 just released
--If you have a 1.6/1.7/2.5 site, update your sites immediately to the new 2.5.3 security release that just came out. There's a nasty security bug that this release fixes.This is a security only release. Expect another release in a few weeks with bug fixes and features, but do not wait until then to update!Thanks,Andy
You received this message because you are subscribed to the Google Groups "Joomla! User Group New England" group.
To post to this group, send email to joom...@googlegroups.com.
To unsubscribe from this group, send email to joomlaug+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomlaug?hl=en.
Hazzaa
Mar 16, 2012, 12:59:22 PM3/16/12
to Omaha Joomla! User Group
Thanks for the input Barb
This is a Security release
A security issues was found in All Joomla 1.6, All Joomla 1.7 and ALL
versions of Joomla 2.5 prior to 2.5.3
Jeff Channel (Lead developer for http://anythin-digital.com) does a
lot of security audits for many extensions, found this late last week
and forwarded on to the Joomla core security team who put this release
out
They don't typically release details because they don't want hackers
who are unfamiliar with the security hole to start searching up un-
updated sites to hack
Hope that helps
On Mar 16, 12:46 pm, Barbara Heinlein <barbara.j.heinl...@gmail.com>
wrote:
This is a Security release
A security issues was found in All Joomla 1.6, All Joomla 1.7 and ALL
versions of Joomla 2.5 prior to 2.5.3
Jeff Channel (Lead developer for http://anythin-digital.com) does a
lot of security audits for many extensions, found this late last week
and forwarded on to the Joomla core security team who put this release
out
They don't typically release details because they don't want hackers
who are unfamiliar with the security hole to start searching up un-
updated sites to hack
Hope that helps
On Mar 16, 12:46 pm, Barbara Heinlein <barbara.j.heinl...@gmail.com>
wrote:
> Hi everyone,
>
> As I mentioned at our last session, I am on the New England Joomla group
> distribution list. I have learned a lot reading their emails. This one
> seems to be extra important, so I thought I would pass it on to our group.
>
> Hazza/Ken ‹ Comments? Have you heard what is driving this release?
>
> Regards,
> Barb Heinlein
> Phone: (703) 986 8726 // (402) 804 8980
>
> From: Andrea Tarr at Tarr Consulting <at...@tarrconsulting.com>
> Reply-To: <joom...@googlegroups.com>
> Date: Thu, 15 Mar 2012 09:43:49 -0400
> To: Joomlaug <joom...@googlegroups.com>
> Subject: [joomlaug] Critical security update Joomla 2.5.3 just released
>
>
>
>
>
>
>
> > If you have a 1.6/1.7/2.5 site, update your sites immediately to the new 2.5.3
> > security release that just came out. There's a nasty security bug that this
> > release fixes.
>
> > This is a security only release. Expect another release in a few weeks with
> > bug fixes and features, but do not wait until then to update!
>
> > Thanks,
> > Andy
>
> > Andrea Tarr
>
> > Tarr Consulting
> >www.tarrconsulting.com<http://www.tarrconsulting.com>
>
> As I mentioned at our last session, I am on the New England Joomla group
> distribution list. I have learned a lot reading their emails. This one
> seems to be extra important, so I thought I would pass it on to our group.
>
> Hazza/Ken ‹ Comments? Have you heard what is driving this release?
>
> Regards,
> Barb Heinlein
> Phone: (703) 986 8726 // (402) 804 8980
>
> From: Andrea Tarr at Tarr Consulting <at...@tarrconsulting.com>
> Reply-To: <joom...@googlegroups.com>
> Date: Thu, 15 Mar 2012 09:43:49 -0400
> To: Joomlaug <joom...@googlegroups.com>
> Subject: [joomlaug] Critical security update Joomla 2.5.3 just released
>
>
>
>
>
>
>
> > If you have a 1.6/1.7/2.5 site, update your sites immediately to the new 2.5.3
> > security release that just came out. There's a nasty security bug that this
> > release fixes.
>
> > This is a security only release. Expect another release in a few weeks with
> > bug fixes and features, but do not wait until then to update!
>
> > Thanks,
> > Andy
>
> > Andrea Tarr
>
> > Tarr Consulting
Ken Crowder
Mar 16, 2012, 1:42:36 PM3/16/12
to omaha-jooml...@googlegroups.com
Unfortunately, hackers that know anything about Joomla will be able to see what code has changed, thus knowing what security hole was patched. With that said, users are urged to upgrade as soon as possible.
- Kenneth Crowder
- Kenneth Crowder
Groups "Omaha Joomla! User Group" group.
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at
Hazzaa
Mar 16, 2012, 1:54:53 PM3/16/12
to Omaha Joomla! User Group
You're very welcome Barb
Ken you're absolutely right
Anyone using SVN for that matter can tell exactly what has changed.
Developers simply don't want to make it any easier for them ;-)
On Mar 16, 12:42 pm, Ken Crowder <chiefgo...@gmail.com> wrote:
> Unfortunately, hackers that know anything about Joomla will be able to see
> what code has changed, thus knowing what security hole was patched. With
> that said, users are urged to upgrade as soon as possible.
>
> - Kenneth Crowder
>
>
>
>
>
>
>
> On Fri, Mar 16, 2012 at 11:59 AM, Hazzaa <ad...@jvitals.com> wrote:
> > Thanks for the input Barb
> > This is a Security release
> > A security issues was found in All Joomla 1.6, All Joomla 1.7 and ALL
> > versions of Joomla 2.5 prior to 2.5.3
> > Jeff Channel (Lead developer forhttp://anythin-digital.com) does a
Ken you're absolutely right
Anyone using SVN for that matter can tell exactly what has changed.
Developers simply don't want to make it any easier for them ;-)
On Mar 16, 12:42 pm, Ken Crowder <chiefgo...@gmail.com> wrote:
> Unfortunately, hackers that know anything about Joomla will be able to see
> what code has changed, thus knowing what security hole was patched. With
> that said, users are urged to upgrade as soon as possible.
>
> - Kenneth Crowder
>
>
>
>
>
>
>
> On Fri, Mar 16, 2012 at 11:59 AM, Hazzaa <ad...@jvitals.com> wrote:
> > Thanks for the input Barb
> > This is a Security release
> > A security issues was found in All Joomla 1.6, All Joomla 1.7 and ALL
> > versions of Joomla 2.5 prior to 2.5.3
Reply all
Reply to author
Forward
0 new messages