The Joomla Project announces the immediate availability of Joomla 1.6.1. This is a security release.
The Production Leadership Team's goal is to continue to provide regular, frequent updates to the Joomla community.
Learn more about Joomla! development at the Developer Site.
Download
Click here to download Joomla 1.6.1 (Full package) »
Click here to download Joomla 1.6.1 (Upgrade packages) »
Instructions
- New installation and technical requirements
- Upgrade from an existing Joomla 1.6 version
- Migration from Joomla! 1.5.x
Want to test drive Joomla? Try the online demo. Documentation is available for beginners.
Please note that you should always backup your site before upgrading.
Release Notes
Check the Joomla 1.6.1 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Security
- Moderate Priority - Core - SQL Injection / Internal Path Disclosure.
- Moderate Priority - Core - Path Disclosure.
- Moderate Priority - Core - XSS Vulnerabilities.
- Moderate Priority - Core - XSS Vulnerabilities.
- Low Priority - Core - Information Disclosure.
- Moderate Priority - Core - Redirect Vulnerabilities.
- Moderate Priority - Core - Information Disclosure.
- Low Priority - Core - Unauthorised Access.
- Moderate Priority - Core - CSRF Vulnerabilities.
- Moderate Priority - Core - DOS Vulnerabilities.
- Moderate Priority - Core - XSS Vulnerabilities.
- Moderate Priority - Core - CSRF Vulnerabilities.
Issues Fixed
| Category | Issue Title | Link |
|---|---|---|
| ACL | group perms list should be expand/collapsible at will | 24397 |
| ACL | new user group assignement doesn't work | 24707 |
| ACL | A registered user can change their user name | 24890 |
| ACL | No save icon in article editor for new article with category level permission | 24886 |
| ACL | Users with create permission in a category cannot see the image button below the editor | 24857 |
| Administration | Fix background color in high contrast batch fieldsets | 24255 |
| Administration | Refresh Cache in Extension Manager: Failed loading XML file | 24292 |
| Administration | Inconsistent term for User Group | 24328 |
| Administration | Multiple groups are a problem in the user manager | 24475 |
| Administration | Improve the cpanel of admin templates + correting some errors | 24523 |
| Administration | Language fixes and new warnings for com_installer | 24457 |
| Administration | Templates filter searches all extensions | 24599 |
| Administration | Improve the Directory Permissions in com_admin | 24558 |
| Administration | 3rd party components install in location "site" instead of "administrator" | 24305 |
| Administration | *PHP warning in extension manger | 24336 |
| Administration | Missing messages for some menu item types having no Basic Options | 24884 |
| Administration | Problems with aliases when there is a menu alias menu type | 24881 |
| Administration | Alternative Layout Not Implemented in com_search, com_users | 25006 |
| Authentication & Login | *Issue in back-end login module with Languages not installed in db but present in the admin language folder | 24681 |
| Authentication & Login | *Multilanguage on and site offline: loggin front-end gets in a loop | 24912 |
| Authentication & Login | Login form does not use https | 24307 |
| Code Style | PHP Strict Standards Message, Category Blog | 24309 |
| Code Style | CRLF instead of LF in some files | 24876 |
| Code Style | Systematic elimination of DS as directory separator - Round 2 | 24589 |
| Code Style | Wrong class in kategory list mode | 24914 |
| Components | Unescaped value should be filtered. | 24252 |
| Components | Getting 500 errors editing from category blog on front end with default sef on | 24280 |
| Components | SQL Injection can result in information disclosure | 24232 |
| Components | com_contact, wrong string is used in config.xml (COM_CONTACT_FIELD_PROFILE_SHOW_LABEL used twice) | 24491 |
| Components | com_contact view contact links | 24269 |
| Components | com_newsfeeds doesn't set default view in frontend | 24444 |
| Components | com_mailto Spam Email Relay | 24288 |
| Components | SQL error in com_contact if id not set | 24371 |
| Components | Strict standards: Declaration of WeblinksModelCategory::getItems() should be compatible with that of JModelList::getItems() in | 24265 |
| Components | Inconsistency in the Add new newsfeed screen | 24665 |
| Components | Missing tooltip in Web Links Manager | 24694 |
| Components | *menu items metadata not implemented | 24704 |
| Components | Link Author option lacks in Archived Articles menu item | 24726 |
| Components | com_menu not looking for component xml file | 24562 |
| Components | Details of the components are in different orderings | 24731 |
| Components | duplicate case in switch in ~/components/com_users/controller.php | 24711 |
| Components | *Weblinks icon hardcoded | 24776 |
| Components | *Contacts Category model tries to load params from menu even if no Itemid is set | 24446 |
| Components | Clicks on a custom banner are not counted | 24417 |
| Components | *Banners unique alias | 24882 |
| Components | *Search lower and upper limit do not take into account localise.php settings | 24932 |
| Components | *Accommodating for longer string value in Banners Edit page | 24869 |
| Components | com_categories doesn't properly update paths of children categories when moved to a new parent | 24506 |
| Components | Redirect component does not list 404 errors for missing child page when parent page does exist (patch supplied) | 24911 |
| Components | Get error after save options for component | 24856 |
| Components | duplicate code weblink .php | 24978 |
| Components | *Category Save as Copy does not save with different title/alias | 24909 |
| Components | *modal_contacts field type problems | 24433 |
| Components | Joomla displaying error after uploading an image using Media Manager and the path does not stay where it is after the upload | 24489 |
| Components | Double category strings in URLs | 24799 |
| Components | A banner with limited impressions will never show | 24908 |
| Components | Multiselect not implemented in all views | 24929 |
| Components | Can't display teaser text in full article view. | 24880 |
| Components | Extra markup in some component views | 25042 |
| Components | extra closing div in \components\com_weblinks\views\form\tmpl\edit.php | 25035 |
| Database | Issue with MySQL compatibility in joomla.sql with params fields | 24299 |
| Database | in sql file bug | 24825 |
| Forms | Contact form typo - duplicate tag <label> for Email and Message | 24743 |
| Forms | JHtml select.radiolist produces unnecessary label class suffix | 24423 |
| Forms | The "Ordering" form field type defaults to "0", causing accidental changes to ordering of plugins, modules, banners, etc (with patch) | 24933 |
| Front End | Cannot edit a weblink from the frontend | 24249 |
| Front End | Wrong description language code for email1 field | 24619 |
| Front End | *Submitting two articles in the same category with the same title but different aliases doesn't work on frontend | 24322 |
| Installation | Sample data - Wrapper module issue | 24001 |
| Installation | Installation IE fixes | 24253 |
| Installation | J!1.6 lacks a remove installation folder screen | 24283 |
| Installation | com_installer Admin XSS | 24281 |
| Installation | Sample data links | 23792 |
| Installation | Javascript error in installation | 24294 |
| Installation | Internationalisation of sample data options list | 23083 |
| Installation | *Localise xml default language is not highlighted in the drop down | 24580 |
| Installation | *Languages not installed in db but present in the language folders in joomla issue | 24582 |
| Installation | Enabling debug language mode in installation application | 24657 |
| Installation | Add a button to the installation to remove the installation folder | 24097 |
| Installation | Improve installation.js | 24496 |
| Installation | bug: old extension version reported from cache after automatic extension update** | 22624 |
| Installation | Plugins installed via discover are enabled | 24389 |
| Installation | Sample Data Typo | 25091 |
| Javascript | Error parameters formated in tinymce | 24233 |
| Javascript | None of the JS files have been compressed. | 24260 |
| Javascript | Don't use the $() function in JavaScript. | 24519 |
| Javascript | Make some scripts compatible with Mootools 1.3 | 24740 |
| Joomla! Libraries | Some article code can send JFilterInput into an endless loop | 24258 |
| Joomla! Libraries | Fatal error: Cannot use object of type stdClass as array in ../libraries/joomla/updater/updater.php on line 108 | 24276 |
| Joomla! Libraries | response headers show wrong joomla version | 24273 |
| Joomla! Libraries | Manifest data is not being serialized as JSON during install and discovery install. | 24550 |
| Joomla! Libraries | Joomla! Web Application Framework library is uninstallable | 24644 |
| Joomla! Libraries | Library JURI has an optional parameter: it should be mandatory | 24405 |
| Joomla! Libraries | Unused JDate code causing"Catchable fatal error" | 24532 |
| Joomla! Libraries | JController class lacks a unregisterTask method | 24419 |
| Joomla! Libraries | Abort during install of component and module fail due to rollback methods being protected instead of public. | 24548 |
| Joomla! Libraries | typo in databasequery.php - udpate | 24675 |
| Joomla! Libraries | Add support for defer/async to JDocument | 24821 |
| Languages | Hathor status module jtext plurals | 24254 |
| Languages | Missing Language string Cache Unwritable | 24384 |
| Languages | MODULES_ERR_XML incorrectly called | 24396 |
| Languages | Missing language string JLIB_INSTALLER_ABORT_PACK_INSTALLER_COPY_SETUP | 24426 |
| Languages | Incomplete language strings in Mass Mail | 24466 |
| Languages | missing translation for COM_WEBLINKS_DEFAULT_PAGE_TITLE | 24448 |
| Languages | Incorrect language definition in 'List Contacts in a Category' menu item type | 24464 |
| Languages | Incorrect tooltips in Articles Categories module | 24520 |
| Languages | Incorrect tooltip in Module Manager | 24518 |
| Languages | In Bluestork, longer labels are being cut off especially radio button labels | 24525 |
| Languages | *Extra language definitions for icon tooltips in Messages component | 24615 |
| Languages | *Incorrect error string after saving default menu item with set 'Default Page' radio button to 'no' value | 24513 |
| Languages | *No translation of options (plugin names) in ordering field of plugins | 24607 |
| Languages | Incorrect term in a tooltip in the Menu Items screen | 24642 |
| Languages | *Incorrect tooltip for the Enabled column in Plug-In Manager | 24698 |
| Languages | *Incorrect tooltip in News Feed Manager | 24695 |
| Languages | Incosistency in the Link Author article option | 24724 |
| Languages | Contact language is ignored in frontend | 24710 |
| Languages | Untranslated strings TPL_BEEZ5_ISCLOSED and TPL_BEEZ5_LOGO | 24897 |
| Languages | Debug Language showing up | 24859 |
| Languages | The strings used for the display column in the module assignment slider are confusing | 24999 |
| Languages | Cannot Translate Option Values using JForm SQL Field Type** | 24903 |
| Layouts | Extra div element in Category List for unpublished articles | 24873 |
| Layouts | Missing class blog_children | 24916 |
| Layouts | Missing class default_children | 24915 |
| Modules | *Langswitcher module needed display improvement parameters | 24461 |
| Modules | New Window without navigation | 24540 |
| Modules | Backend mod_status private messages pluralisation | 24573 |
| Modules | mod_articles_category creates wrong html code | 24564 |
| Modules | Disabling modules on a page leaves error messages | 24287 |
| Modules | Empty tooltips in module edit screens | 24674 |
| Modules | Mod popular and latest article processing events in content plugins | 24557 |
| Modules | *Don't show empty divs in mod_login | 24702 |
| Modules | Module articles category - fatal error | 24317 |
| Modules | Articles Category Module Gropu by Author error | 24693 |
| Modules | Modules do not have Trashed state | 24927 |
| Modules | Module Banners: "All categories" option does not include all categories | 24896 |
| Modules | Incorrect ID attribute's value in backend menu | 24947 |
| Modules | Stripped code in contents and custom html module | 24545 |
| Modules | JNO/JYES instead JSHOW/JHIDE in mod_weblinks.xml | 25008 |
| Modules | Missing "parent" css class if menu is collapsed | 24963 |
| Modules | mod_articles_category generates a PHP warning when using language filter | 24838 |
| Modules | Fatal error in mod_articles_category when showing readmore | 24528 |
| Modules | *Duplicated module is published | 25110 |
| Plugins | Language switcher broken by #24210 | 24256 |
| Plugins | *debug plugin does not display results if gzip is on | 24267 |
| Plugins | Update GeSHI to 1.0.8.9 | 24404 |
| Plugins | If a system plugin tries to load its language file, Joomla! falls back to setting the default site language to English. | 24750 |
| Plugins | PATCH: Change pagination pagelist | 24797 |
| Plugins | plg_user_profile "Website" field XSS | 24372 |
| Plugins | *Detect browser lang and cookie broken when using languagefilter | 24767 |
| Plugins | *Redundant call to load language in tinymce causes lang load issue | 24840 |
| Plugins | [#24767] *Detect browser lang and cookie broken when using languagefilter | 24837 |
| Plugins | Improve the voting plugin | 24497 |
| Plugins | * Menu manager Multilanguage Deactivate Home | 24877 |
| Plugins | Alias URL does not work with Language filter plugin active - sef off | 24455 |
| Plugins | Plugin User-Profile Birthday field alpha entry crashes Profile Fields in Admin | 24883 |
| Plugins | Upgrade Geshi to 1.0.8.10 | 25022 |
| Plugins | Upgrade Codemirror to Version 0.94 | 23491 |
| Plugins | Codemirror update causes improper characters in template html/css editing | 25038 |
| RTL | *Implementing RTL pagination in beez | 24391 |
| RTL | *RTL/LTR issues in Beez2 and 5 (News feeds and debug) | 24409 |
| RTL | breadcrumbs doesn't look good on rtl templates | 24428 |
| RTL | uppear right toolbar on rtl template isn't align well | 24460 |
| RTL | *Correcting icon message display in installation with rtl lang | 24570 |
| RTL | modifying Beez 20 to compatibility with RTL | 24983 |
| RTL | *modifying Beez5 to compatibility with RTL | 25034 |
| Search Engine Friendly | Transliteration does not work in Category Manager | 24872 |
| Search Engine Friendly | Send HTTP result code 503 for the offline page | 24646 |
| Search Engine Friendly | 404 errors when using pagebreak with sef enabled | 24816 |
| Search Engine Friendly | Remove com_search SEF encoding of search term | 24314 |
| Search Engine Friendly | Redirect is Not Working with SEF | 24524 |
| Search Engine Friendly | sef plugin results in a blank page for large content | 24865 |
| Templates | Missing image in Beez2 and Beez5 | 24162 |
| Templates | /templates status indicator in backend | 24301 |
| Templates | Bluestork administrator template template.css typo | 24327 |
| Templates | In Users, Mass Mail Users, the tooltips are not being styled. | 24459 |
| Templates | beez template typo with position-15 | 24587 |
| Templates | Unstyled dialog when clicking 'new' in module manager | 24320 |
| Templates | Error page styling forces error box to far left | 24394 |
| Templates | Screens jumps when using the ACL widget | 24298 |
| Templates | No rounded corners in Opera for Modal | 24591 |
| Templates | New preview screenshots required for the admin templates | 24701 |
| Templates | Removes references to non-existing stylesheet | 24735 |
| Templates | Image j_button2_right.png missing from system template | 24828 |
| Templates | Remove the border attribute | 24790 |
| Templates | Typo in media/media/css/popup-imagelist.css (wrong color value for background) | 24830 |
| Templates | *Debug position in beez 20 template doesn't work. | 24833 |
| Templates | JS error notices default template in IE7+8 | 24231 |
| Templates | JS patch for Beez5 - IE issue hide.js | 24975 |
| Templates | Beez_20 and Beez 5 xml patch | 25011 |
| User Interface | * Adding a "Location" column in Language Manager | 24377 |
| User Interface | Administration templates renders JForm "checkboxes" incorrectly in config | 24318 |
| User Interface | Admin Trashed menu doesn't display - link error | 24463 |
| User Interface | Trashed articles - no indication of being trashed , when viewed at front of site | 23915 |
| User Interface | *Contact form in frontend does not display the star for required fields | 24708 |
| User Interface | Message label incorect showed and inconsistency with coma after labels in Contact form | 24732 |
| User Interface | *Banners Tracks export modal needs more height | 24812 |
| User Interface | [patch] Enable editor-xtd buttons to have meaningful tooltips | 24811 |
| User Interface | *Accommodating longer strings in bluestork page title | 24831 |
| User Interface | Change "Templates Manager" to "Template Manage" | 24874 |
| User Interface | * Different Alias fields tooltips | 24759 |
| User Interface | *Normalise modals UI | 24923 |
| User Interface | JTRASH instead JTRASHED in jgrid.publishedOptions | 24926 |
| User Interface | Banner Manager: Banners - increase is needed for colspan of table's footer | 24965 |
| User Interface | There is no featured button in the tool bar, so no way to make multiple articles featured | 24996 |
| User Interface | Cannot allow a group to create in a single sub category | 24993 |
| User Interface | PNG images are not optimized | 22832 |
Statistics for the 1.6.1 release period:
- Joomla 1.6.1 contains:
- 206 tracker issues fixed in SVN
- 12 security issues fixed
Joomla! Bug Squad
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the 1.6 Bug Tracker.
Active members of the Joomla Bug Squad during this last release cycle include: Akarawuth Tamrareang, Andrea Tarr, Andrew Eddie, Bill Richardson, Christophe Demko, Elin Waring, Harald Leithner, Ian MacLennan, Jacob Waisner, Janich Rasmussen, Jean-Marie Simonet, Jeremy Wilken, Marijke Stuivenberg, Mark Dexter, Matt Thomas, Michael Babker, Nikolai Plath, Ole Bang Ottosen, Omar Ramos, Phil Snell, Rouven Weßling, Rune Sjøen, Samuel Moffatt, Selene Feigl.
Bug Squad Leadership: Andrew Eddie, Ian MacLennan, and Mark Dexter Coordinators; Bill Richardson, Elin Waring, Marijke Stuivenberg, Matt Thomas, and Omar Ramos, Team Leaders.
Joomla! Security Swat Team
A big thanks to the Joomla! Security Swat Team for fixing all reported security issues with this release. We would especially like to thank our newest members, Bill Richardson, Elin Waring, and Rouven Weßling for their efforts with this release.