Joomla 3.6.2 is Out
It’s a two-fer! Two new versions of Joomla are out and they’re security releases, so they do need to be done.
Joomla! 3.6.1 Released (joomla.org)
Joomla! 3.6.1 is now available. This is a security release for the 3.x series of Joomla. This release fixes several low level security issues. We strongly encourage you update your sites.
The Joomla! 3.6.1 Update (joomla.org)
During the latest release of Joomla! 3.6.1 an issue emerged because of a security fix. 3.6.1 introduced a CSRF token check to the Joomla! Update component as an extra level of security to fix a Medium Level security issue. 3.6.0 down to 2.5.4 (every Joomla! release with the update component) will hit an issue with failing to pass the CSRF token check because those versions don’t generate the needed token to pass the check.
Therefore we have had to make some emergency decisions:
Updating from Joomla! 2.5.x
Unfortunately there was a bug when updating Joomla! 2.5.x to 3.6.0 – this was patched in the 3.6.1 release – however as this migration is no longer possible – you will need to first migrate to Joomla! 3.5.1 then upgrade to 3.6.0. Then follow the steps below for users on Joomla! 3.6.0.
Updating from Joomla! 3.0.0-3.5.1
Update to Joomla! 3.6.0 through the Joomla! Update component. Then follow the steps below for users on Joomla! 3.6.0.
Updating from Joomla! 3.6.0
Update the Joomla! Update Component through the Extension Manager. Then use the Joomla! Update component to update to the latest 3.6.x version.
For those who have updated to 3.6.1 from 3.6.0 already
For those who have already updated to Joomla! 3.6.1 don’t worry. All the new 3.6.1 files have been successfully put in place. Simply run the database fixer tool to delete the one file we have removed.
For those who have updated to 3.6.1 from a version earlier than 3.6.0 already
Your files have been updated. You must treat this upgrade as if you have updated Joomla! by unzipping the files over your existing system. We strongly advise that you run the database fixer tool to clean up outdated files and update the database structure. Note this will not fix any insert or updates by design as we cannot verify that these have happened before. Therefore you will need to manually apply these changes yourself. We apologise for the inconvenience this causes our users.
All Versions (2.5.4 to 3.6.0) – Manual Upgrade
Though we do not encourage this practice, it is possible to update Joomla! manually (similar to Joomla! 1.5 updates) and perform a proper upgrade.
Joomla! 3.6.2 Released (joomla.org)
Joomla! 3.6.2 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes some bugs in email cloaking and sessions from Joomla! 3.6.1.
The combined releases address nearly 150 bug fixes and some medium/low priority security issues. So yeah… they need to be done.
TYPE OF UPGRADE: Security
MAJOR OR MINOR: Minor
SUGGESTED ACTION: Upgrade now
WHY: To fix security issues.
Our Website Maintenance Department will be in contact with all of our clients running Joomla regarding these upgrades and we’ll get you a quote.