Joomla! 1.0.12 [ Sunfire ] is available as of Monday the 25th of December 2006 1:00 UTC for download here. The Joomla Team suggests that all Joomla! users upgrade to this version.
Joomla! 1.0.12 features:
- 140+ General Bug Fixes
- Several low level security fixes
- A full security audit of SQL queries
- SSL switchover support
Although this release contains several security fixes, as they are of a low level nature, this release is still being characterized as a Stability Release. If you are running a version of Joomla! older than 1.0.11, you should upgrade immediately to at least Joomla! 1.0.11 as that release addressed several important security issues. If you are using Joomla! 1.0.11, we recommend that you upgrade to 1.0.12 as it addresses several long standing bugs and several low level security issues.
We are also pleased to announce the creation of a new Security Announcements Forum. As the name suggests, this forum will be used for security announcements for the Joomla! core and third party extensions. We strongly encourage that all Joomla! users register on forum.joomla.org and subscribe to this forum to ensure that they receive notification of important security issues as soon as possible. We also encourage you to do same for all third-party extensions you use, where available.
1.0.12 is available as a Full Package, which contains all Joomla! files or Patch Packages which contain only the files that have changed since previous Joomla! 1.0.x version.
A More Secure Joomla!
Joomla! security is getting consistently better. We have dedicated many hours to ensuring that Joomla! is as secure as it can be. To do this, we have adopted a two sided approach that includes automated security tools and manual auditing and revision. For this release, we conducted a complete audit of all SQL queries, reviewed many aspects of our login and authentication systems, and conducted several automated scans in order to make this Joomla! release as secure as possible.
SSL Switchover Support
Joomla! 1.0.12 has reintroduced SSL switchover support. If your website is setup to serve the same files via HTTP or HTTPS you will now be able to create SSL secured logins, easily switch between secure and insecure navigation and do all of your administrative tasks via an SSL protected connection. A FAQ on how to setup these features will be available soon in the Security FAQs section of the Joomla! forums.
Joomla! Version Warning
The version warning system that was added in Joomla! 1.0.11 has been removed from Joomla! 1.0.12. This version of Joomla! is intended to be the last release in the 1.0.x series. The 1.0.x is now in security mode which means that we will not be releasing any more stability updates. There will only be another version in this series if a critical security vulnerability is discovered.
Extension Installer Warning
It is essential that you take a moment after updating the core to check if your extensions are up to date, and update them if a newer version is available.
Often newer versions address not only bugs but security issues as well. You can do this by looking in the components, modules and mambots installer pages, which display a URL to the homepage of the authors, or by checking on extensions.joomla.org.
In order to better educate our users about the security risks that can arise from installing insecure extensions, we have added a warning message at the top of the extension installers. Please remember, 3rd party extensions must be kept up to date just like Joomla! and updating your Joomla! installation(s) will not update the 3rd party extensions installed on your sites.
For a list of extensions that have known security issues please see the List of Vulnerable 3rd Party Extensions.