Joomla Update on Thursday, October 22, 2015
This is just a heads up that there’s an important Joomla update coming out on Thursday. We’ll start applying to it to websites Thursday night:
A Joomla 3.4.5 release containing a security fix will be published on Thursday 22nd October at approximately 14:00 UTC
The Joomla Security Strike Team (JSST) has been informed of a critical security issue in the Joomla core.
Since this is a very important security fix, please be prepared to update your Joomla installations next Thursday.
Until the release is out, please understand that we cannot provide any further information.
 – Core – Remote File Inclusion
Posted: 30 Sep 2014 12:00 PM PDT
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Exploit type: Remote File Inclusion
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7228
Inadequate checking allowed the potential for remote files to be executed.
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Our team will be contacting clients that will be affected.