oss-sec mailing list archives

Re: Fwd Joomla! Security News 2012-01

From: Henri Salo <henri () nerv fi>
Date: Wed, 25 Jan 2012 17:01:14 +0200

On Wed, Jan 25, 2012 at 04:17:47PM +0200, Henri Salo wrote:

Does someone know if these already have CVE-identifiers? Joomla just released this advisory.


This is why I don't like Joomla. They jumped from 1.7 to 2.5.0 and support for 1.7.x is following:

"Please note that version 1.7 will reach end of life on 24 February 2012."

EOL for 1.7.x means also 1.6.x, which both are still heavily uesd.

http://www.joomla.org/download.html
http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html

Joomla is part of oCERT "The oCERT team is a volunteer-based force of well-known security professionals from major Open 
Source projects, vendors and the security community."

Basicly the end of support for 1.7.x and 1.6.x means that if you go to support-forum and ask something you will be 
asked for your software version number and if it isn't 2.5.0 they will tell you to upgrade, before you will get more 
help.

- Henri Salo

Current thread:

Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
- Re: Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
- Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 25)
  - Re: Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
  - Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 26)
    - Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 29)