Joomla! 1.0.7 [ Sunburst ] is now available as of Sunday 15th January 2006 21:00 UTC for download here. 1.0.7 is essentially 1.0.6 repackaged to fix one major bug in 1.0.6 - therefore it should still be considered a Security Release. It contains nine (9) `Low Level` Security Fixes, and seventy (70 plus minor/non-critical bug fixes.
We recommend that you upgrade to this version. If you are running 1.0.6 you MUST upgrade to 1.0.7.
1.0.7 is available as a Full Package, which contains all Joomla! files and a Patch Package which contains only the files that have been changed by the Security & Bug Fix work conducted.
To ensure the integrity of the files you are downloading you are advised only to download from the 'Official Source' on the Official Joomla! Forge. As an extra security measure we now make available the MD5 checksum of the respective package files to allow people to do integrity checking.
1.0.7 Changelog
1.0.7 Version Information
1.0.7 Package File MD5 checksums
Security Vulnerabilities
Joomla! 1.0.7 Contains nine (9) fixes for Security Vulnerabilities.
Low Level Fixes
- Disallow Author from publishing items or changing publish state
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - Hardened Contact Component against misuse
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - Added simple filtering control ability to Contact Component
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - Hardened misuse of Contact Component `email copy` ability when not activated
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - Hardened misuse of Contact Component `VCard` ability when not activated
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - `VCard` & `Email Copy` options set to hide by default
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - Hardened Itemid against misuse
- Affects all previous versions of Joomla! and Mambo 4.5.2.x series - Multiple Vulnerabilities in TinyMCE Compressor
- Affects Joomla! 1.0.4 & 1.0.5
Non-Critical Bug Fixes
1.0.7 contains a fix for a bug in 1.0.6 that would overwrite the database password with a blank value when `saving` in the global configuration area. Also this release contains a fix for a SEF problem in Joomla! 1.0.5 and it is highly advised that if you are running SEF that you upgrade to this version.
Apart from that there are 70+ non-critical bugs that have been fixed.
Package Format
To cater for the widest range of users, the package files are now available in three (3) compression file formats:
Upgrade Instructions
- To update from Joomla! 1.0.6, all you have to do is simply overwrite files from the 1.0.6 to 1.0.7 Patch Package
- To update from Joomla! 1.0.5, all you have to do is simply overwrite files from the 1.0.5 to 1.0.7 Patch Package
- To update from Joomla! 1.0.4, all you have to do is simply overwrite files from the 1.0.4 to 1.0.7 Patch Package
- To update from Joomla! 1.0.3, all you have to do is simply overwrite files from the 1.0.3 to 1.0.7 Patch Package
- To update from Joomla! 1.0.2, all you have to do is simply overwrite files from the 1.0.2 to 1.0.7 Patch Package
- To update from Joomla! 1.0.1, all you have to do is simply overwrite files from the 1.0.1 to 1.0.7 Patch Package
- To update from Joomla! 1.0.0, all you have to do is simply overwrite files from the 1.0.0 to 1.0.7 Patch Package
Conversion Instructions
For those converting from Mambo 4.5.2.x please read these Migration instructions. You need to download the Joomla 1.0.7 Full package
The continued success of Joomla! is a partnership between the community and the Joomla! Team and 1.0.7 is another testimony of the strength of this cooperative endeavour. Thank you to the community for the assistance in helping us improve Joomla 1.0.x and making it more stable.
This has been more than amply demonstrated in the communities patience to the problems in the 1.0.6 release and the quick response in identifying the problem.
Apology
I accept full responsibility for the error in 1.0.6 that has caused 1.0.7s immediate release.
It was I who introduced the code (after the Beta had been released to testers) and it was I who had final responsibility for testing and packaging 1.0.6.
I remain fully committed to ensuring the quality of the Joomla! stable code base and rest assured an examination of how to improve procedures will be conducted - Rey
Rey Gigataras [stingrey]
Joomla! Software Coding and Design
Stability Team Leader