The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

For more information about this exploit, click here to visit the Joomla Security Blog.

Instructions

• Upgrade from an existing Joomla! 1.5 version
• Migration from Joomla! 1.0.x
• See below for manual installation instructions

Download the Joomla 1.5.6 full package now

Download update packages

Release Notes

• SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.

Manual Installation

Download the Joomla! 1.5.6 Security Patch changed files only

For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:

		components/com_user/models/reset.php
		changelog.php
		includes/framework.php
		administrator/includes/framework.php
		libraries/joomla/version.php
		libraries/joomla/environment/uri.php

This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.