Joomla! 3.4.7 Released – Important Security Release

Joomla! 3.4.7 is now available! This is a security release for the 3.x series of Joomla which addresses security vulnerabilities. We strongly recommend that you update your sites immediately.

What's new in 3.4.7

Version 3.4.7 is released to address two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.

Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3).

The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. It’s not all hosts keep their PHP installations up to date so this version is released to deal with this issue on vulnerable PHP versions.

Security Issues Fixed

• High Priority - Core - Session Hardening (affecting Joomla 1.5 through 3.4.6)

• Low Priority - Core - SQL Injection (affecting Joomla 3.0.0 through 3.4.6)

Important Notes

It is important to note that due to some session changes you will not be able to edit items until you log out and log back in again. Please note that there has been a backwards compatibility break regarding how session management is handled.

Your site should be updated immediately now! Please note that before updating to this new version, you need to back up your site first in oder not to lose the changes you have made in your sites.

FOR MORE INFORMATION

Detail information is available in this link:

https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html

Thanks so much for reading !