Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses three critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately.
This release only contains the security fixes and bug fix; no other changes have been made compared to the Joomla! 3.6.3 release.
What's in 3.6.4
Version 3.6.4 is released to address two critical security issues and a bug regarding two-factor authentication.
Security Issues Fixed
- High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3) More information »
- High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3) More information »
- High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3) More information »
Bug Fixes
- [#12497] Two-Factor Authentication encryption fix
Please see the documentation wiki for FAQ’s regarding the 3.6.4 release.
Download
New Installations:
Download Joomla! 3.6.4English (UK), 3.6.4 Full Package
Upgrade Packages:
Upgrade PackagesJoomla! 3 upgrade packages
Note: Please read the update instructions before updating.
Please remember to clear your browser's cache and any webhost or CDN caching after updating.
A Huge Thank You!
Thank you to the Joomla! Security Strike Team for their swift resolution of this issue.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla! secure.
Members include: Beat B., Brian Teeman, Mark Boos, Luca Marzo, Marco Dings, Thomas Hunziker, David Jardin, Alan Langford, Jean-Marie Simonet, Phil Taylor, Viktor Vogel, George Wilson, Davide Tampellini, André Pereira da Silva, Peter Martin, Claire Mandville and Yves Hoppe.
Security Team Leadership: Michael Babker, Coordinator
Image Credit: Elisa Foltyn