Let’s celebrate! The Joomla! Project is pleased to announce the release of Joomla 5.2.3 and Joomla 4.4.10. This is a security and bug fix release for the 5.x and 4.x series of Joomla.

These releases continue Joomla’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.

Security Fix

• [20250101] - Core - XSS vectors in module chromes
• [20250102] - Core - XSS vector in the id attribute of menu lists
• [20250103] - Core - Read ACL violation in multiple core views

Bug fixes and Improvements with 5.2.3

• Fix joomlaExtButtons TinyMCE plugin, buttons validation (#44507)
• Email Validation apostrophe (#44527)
• Set correct AssetTitle and AssetParentId (#42493)
• Remove empty images and anchors from mod articles_news (#42493), mod articles_category (#44478) and (#44475)
• Remove wrong class in cancel link in add verification code frontend page (#44473)
• Allow multiselect for checkboxes (#44500)
• postgres and finder suggestions (#44384)
• Pre-update check for extensions AllowDynamicProperties (#44307)
• Fix PHPCS nullable parameter (#44543)
• Fix double closing Curly braces in inline style (#44532)
• Uncaught TypeError: can't access property "getAttribute", toggleButton is null (#44555)
• Plugins: Search not case-insensitive for unicode language (#44525)
• Fix increment on non-alphanumeric string deprecation (#44173)
• User: Don't reset newly set requireReset (#44519)
• CoreButtonsTrait back() generates wrong button text (#44509)
• Tags: Make router discover 404s properly (#44540)
• Catch exception to get the user in the action log model (#44358)
• Fix return typehint in IdentityAware trait (#44567)
• Composer update joomla/application to 3.0.3 to fix PHP deprecations in Web Client (#44585)
• User: Allow MFA before password reset (#44521)
• Fix duplicate entry with the action logs by removing the second call to onJoomlaAfterUpdate (#44629)
• [CLI] extension:remove -n option "Invalid Response" fix (#44546)
• Privacy: Allow MFA and invalid privacy consents (#44522)
• Refresh changelog URL on manifest cache refresh (#44565)

The full list on GitHub is here: https://github.com/joomla/joomla-cms/milestone/135?closed=1

What’s shipped with 4.4.10?

• Security fixes

Where can I download Joomla 5.2.3?

You can find all Joomla 5 downloads through the official downloads page at: https://downloads.joomla.org/cms/joomla5/ 

New Installations

New installation instructions and technical requirements

Install 5.2.3 

Upgrade

Upgrade 5.2.3

Where can I download Joomla 4.4.10?

Upgrade

Upgrade 4.4.10

Would you like to make a tour of Joomla 5 without having to install it? We have a solution for you: Try Joomla 5.2.3 at launch.joomla.org.

How can I upgrade my site to Joomla 5.2.3?

Good news for Joomla 4.4.x to 5.x, it’s an upgrade, not a migration. Why? Two main reasons:

1. Joomla 4 (J4) extensions that have removed all deprecations of code and are using up-to date Joomla code, will work in Joomla 5 (J5)
2. Most others will work with the new Behaviour - Backward Compatibility Plugin enabled

The full details are found here: https://docs.joomla.org/Joomla_4.4.x_to_5.x_Planning_and_Upgrade_Step_by_Step

Note: we advise you to first test the upgrade on a copy of your production site.

You may also wonder if you have to migrate ASAP. You can take your time; we’ll support 4.4 for 1.5 more years. So your site is not at risk if you don’t upgrade now. And don’t forget that some of your extensions may not be yet ready for Joomla 5 (even though most developers have done a great job offering a Joomla 5 test version for a while. You can filter by version in the Joomla Extensions Directory so you can see which are ready for J5 and which are J5 ready with the b/c plugin enabled.

For known issues with the 4.4.10 release, see the Version 4.4.10 FAQ; for the 5.2.3 release, check the Version 5.2.3 FAQ in our documentation.

Who is Joomla! for?

Web agencies, large and small companies, online shops, bloggers, communities, and all kinds of organisations (for example, NGOs, schools, charities and governments) all use Joomla as their preferred CMS.

Joomla is written by committed volunteers. Many of those volunteers use it in their everyday web design, building and hosting. So, unlike many other systems, Joomla is built by those using it on a daily basis. That is reflected in its secure, robust nature.

Is there help for extension developers with Joomla 5?

Yes, a growing manual is aimed at those who code and maintain their extensions. The manual can be found at https://manual.joomla.org/migrations/51-52/ and is a growing work to help developers get ahead of any changes.

How can you help develop Joomla?

There are a variety of ways in which you can get actively involved with Joomla. It doesn't matter if you are a coder, an integrator, or a user of Joomla. You can join the community on Mattermost and look through the teams to join, or if you are ready, you can jump right into the Joomla! Bug Squad.

The Joomla! Bug Squad and the CMS Release Team are some of the most active teams in the CMS development process and are always looking for people (not just developers) who can help with sorting bug reports, coding patches and testing solutions. It is a great way to increase your working knowledge of the Joomla code base and also a great way to meet new people from all around the world.

You can also help Joomla development by thanking those involved in the many areas of the process. The Project also wants to thank all the contributors who have taken the time to prepare and submit work to be included in the Joomla CMS and Framework.

Where can I find documentation about Joomla 5?

There are some tutorials to help you with Joomla 4. You can find the existing ones, like creating a Plugin or a Module for Joomla 4, namespaces conventions, prepared statements, using the new web asset classes and many more in https://docs.joomla.org/Category:Joomla!_5.x

We encourage developers to help write the documentation about Joomla 5 on docs.joomla.org to help and guide users and other extension developers.

A JDocs page will help developers to see the existing documentation and the documentation still needed.

We invite you to check it regularly, update it and provide the missing content.

Related information

If you are an extension developer, please make sure you subscribe to the extension developer channel https://joomlacommunity.cloud.mattermost.com/main/channels/extension-development-room

Where you can join the community of extension developers.

• Filing bugs and issues
• General developer mailing list
• Joomla developer network

A Huge Thank You to Our Volunteers!

Joomla 5.2.3 results from thousands of hours of work by dozens of volunteers.

A big thank you to everyone who contributed to Joomla 5.2.3!

A special mention to the Joomla 5.2 release managers: Hannes Papenberg and Peter Martin, who worked tirelessly to get this release out. 

Full details are on GitHub

A huge shout out to our teams, who have done an amazing job. In particular, the CMS maintenance team, CMS release team, docs team and Marketing team all did their utmost to make this release happen.

Thank you all.

Translations

Dutch: Veiligheids en bug-fix release Joomla 5.2.3 en 4.4.10
German: Joomla! 5.2.3 und 4.4.10 als Sicherheits- und Bugfix-Release veröffentlicht
Greek: https://joomla.gr/joomla-news/nea-ekdosi-joomla-5-2-3  
Russian: Вышли релизы безопасности Joomla 5.2.3 и Joomla 4.4.10