- Details
- Category: News
- Hits: 5188
Joomla has just published a Revised Assessment of 3.6.4 Security Release just a couple of days after the urgent Joomla 3.6.4 Critical Security Release that addresses 2 critical security vulnerabilities.
Basically the Joomla Security Strike Team has confirmed the original implications where malicious hackers could exploit the vulnerabilities to create their own administrator account but the team also confirmed that "under certain circumstances" the attackers could alter existing user accounts ( -- yes, even admin accounts).
The CB Team has also taken a closer look at Community Builder 2.0 installations on Joomla 3 environments and discovered that such sites are actually protected against these nasty Joomla vulnerabilities. By default, all CB 2.0+ installations automatically enable the CB system plugin that redirects Joomla registration and login requests to the equivalent CB requests that are not affected by these Joomla vulnerabilities.
So, simply put: all CB 2.0 / Joomla 3.x sites are protected from these Joomla vulnerabilities.
Please note that our recommendation is still to upgrade all Joomla sites to Joomla 3.6.4 as soon as possible, and additionally rename the Joomla htaccess.txt file (and configure it to your base folder if needed) for added protection.
- Details
- Category: News
- Hits: 5007
Joomla 3.6.4 has just been released and it fixes two critical security vulnerabilities and a two-factor authentication bug.
This is a very important release and all Joomla 3.4.4 to 3.6.3 sites need to be quickly updated to this new release.
You can read the full Joomla 3.6.4 announcement for more details, but to make things super clear here is a list of recommended actions depending on your installed version:
- All sites with Joomla 3.4.4 through Joomla 3.6.3 must update to Joomla 3.6.4 now - this is extremely important as the found vulnerabilities let hackers create accounts on your website and then to promote them to administrator (but not super-administrator ones)
- All sites with Joomla 3.x less than 3.4.4 should upgrade as soon as possible to Joomla 3.6.4. These sites are not affected by the two critical vulnerabilities, but there are many other know issues that have already been fixed
- All Joomla 2.5.x sites (1.0-2.5 are not affected by these 2 vulnerabilities, but they are by other known ones) should plan to upgrade to Joomla 3.6.4. If not possible soon, they should at least by now have updated to the unofficially security-maintained Joomla "2.5.999" version which includes fixes only for high-level security issues (download zip button at top right) and follow that project on github, while planing to plan an upgrade to latest Joomla.
And, as always, make a full backup of your website before you attempt any upgrade.
Community Builder 2.0.15 and all our latest CB add-ons versions are running fine on Joomla 3.6.4 according to our tests.
Beat, member of both CB Team and of the Joomla Security Strike Team (JSST), insists on the urgency and the importance of this Joomla 3.6.4 upgrade: Stop doing what you are doing and Upgrade Now. If you can't, then take an off-site archive-backup of your site Now. Only the latest versions of Joomla and of all your extensions and add-ons, which are the only ones maintained are considered safe at all times.
Keep your Joomlapolis membership active and your sites up to date at all times!
Some hosters who care for Joomla Security have already implemented WAF modsecurity rules to protect their customers. Joomlapolis Web Hosting Services have also done so, even before the 3.6.4 release!
- Details
- Category: News
- Hits: 15779
CB Gallery is here and extremely powerfull !
Kyle has been blogging about it, designng and coding it, and now CB Gallery 2.0 nicknamed "Galleries Galleries Everywhere" is ready for download by all paid members.
This is a complete rewrite with many great new features that will make your community website users very happy and excited with the possibilities.
You can experience the new CB Gallery on our demo site and see the many administrative and user facing options.
Here is a list of the main features in CB Gallery 2.0:
- Users can upload multiple files at the same time and then provide titles and descriptions (yup, just like facebook does)
- All media types are supported (photo, audio, video) as well as file uploads (you can provide filename extension list)
- Users can create unlimited albums to better organize their uploads
- Media files can be uploaded or linked (configration parameter)
- Item quotas can be set for each media type globally or individually (for specific users)
- Moderator approvals can be enabled for all media types
- Gallery playbacks are now using modal popup
- New CB Gallery module lets you display gallery albums, media types, gallery items from specific users (new asset concept) or from all users
- Item downloading can be turned off in gallery and in module
- New CB Gallery bot lets you put any gallery album or item directly in your Joomla content (articles and modules) and even lets your users create new gallery albums or upload new media directly from article!
- Captcha integration for extra security when uploading new items (requires latest CB AntiSpam plugin)
- Gallery activity recorded for activity stream (CB Activity and CB Auto Actions required)
- Create direct Joomla menu links to specific albums or items
- New administrative area lets you quickly see who has uploaded what and all created albums (see this on our demo site)
There are many more built-in features that you can explore on our demo site !
- Details
- Category: News
- Hits: 5826
Community Builder is here with 9 new features and 15 bug fixes
Download it now - it's free and super stable and Joomla 3.6 ready!
Community Builder 2.0.15 is here and has 9 new features and 15 bug fixes.
The key features include:
- Profile editing tab ordering now its own ordering parameter
- Internal URL support for direct tab focus for viewing or editing
- Forgot login and sign-up links can now be rendered as buttons in CB Login module
The full list of features and bug fixes is available in our discussion thread below.
Community Builder continues to be one of the most well maintained projects in the Joomla universe. We continuously release free nightly builds when we fix bugs of add new features. This way our huge community is able to test these changes and give quick feedback. This helps the project produce robust bug free code for the millions of Joomla websites using Community Builder.
All of this is made possible with the financial support provided by paid members. Paid Membership offers great benefits with many powerful add-ons and fantastic forum driven same/next business day responses. A big Thank You to all our paid members and to all contributors of CB!
CB 2.0+ websites can be upgraded to latest CB 2.0.15 using the built-in Joomla upgrader or with a simple install over (precautionary backup always recommended) as all previous settings are kept.
- Details
- Category: News
- Hits: 7731
Almost one day after a Joomla 3.6.1 security release, the Joomla project released Joomla 3.6.2 as a quick follow-up bug fix release.
The combined releases address nearly 150 bug fixes and some medium/low priority security issues.
Important: Before upgrading to Joomla 3.6.2 make sure that you first upgrade all your components, including core "Joomla! Update Component Update" component. To do so:
- go to menu: Extensions / Manage / Upgrade
- Click "Find updates" button
- Select your extensions to upgrade, but at least "Joomla! Update Component Update" (its latest version at press time is 3.6.1)
- Click "Upgrade" button
Once you have upgraded the extensions, you can safely upgrade Joomla to 3.6.2.
In the seldom case where the last stage of the Joomla upgrade (database upgrade) would fail, no worries, go to menu: Etensions/ Manage / Database, then click the Fix button.
In the very seldom case where you are missing extension installation methods tabs, go to menu Extensions / Manage / Discover then click "Discover" button, select the installer plugins and click the "Install" button.
We have been testing Joomla 3.6.2 with our latest Community Builder 2.0.14 and everything works great!
As always, we recomend to upgrade your websites on a cloned environment and test everything before you take a full backup and apply Joomla upgrade on your productions sites.
A great resource you can follow is the Joomla 3.6.2 FAQ article that contains all the latest findings / issues identified by the Joomla project concerning this new release.
- New downloads manager: CB Package Builder 5.1 with frontend management
- Joomla 3.6 Released
- Our Demo Site is up and running
- New Joomlapolis Rocks!
- CBSubs GPL 4.1 with Timed content, Taxes inclusive price display, and plan substitutions usable anywhere
- A website story - part 3
- A website story - part 2
- New CB Replacer 1.0 Released
- Joomla 3.5.1 released!
- A website story - part 1