Joomla, one of the world’s most popular Content Management Systems (CMS), announced today its partnership with Report URI, the Application Security and Health Monitoring leader.

Report URI and Joomla are pleased to announce a new partnership where Joomla will be using the industry leading solution to continuously monitor the multitude of joomla.org websites, analyze the results and improve security for website visitors. For Report URI this partnership means helping build a more secure open internet by serving one of the world’s most prominent open source organizations and further helping to enhance the security of open source projects.

Joomla’s HTTP Security Headers journey for the joomla.org network of sites started back in March 2018 and since then we have constantly improved that to now set most of the available headers which result in an A grade on SecurityHeaders.com for joomla.org. A key part of a successful implementation is a reporting endpoint and back in 2018 we built our own solution, but over the time we realized that this solution does not scale and there are so many invalid reports that have to be ignored – so we disabled the reporting endpoint after the successful implementation and an initial test run. Today we are really excited to start enabling reporting via the Report URI service across our sites and fill that gap so we can constantly monitor and collect not just the Content Security Policy reports, but also all sorts of other reports in one central place.

Says Tobias Zulauf, Security Member Joomla CMS and Websites.

Scott Helme, Founder of Report URI, also shared his excitement:

Ever wished you could support the developers who devote themselves to making Joomla one of the leading Open Source CMS? Now you can! Joomla has joined the GitHub Sponsored Organization Program. GitHub has launched GitHub Sponsors, a way to give financial support to Open Source contributors on all kinds of projects. Joomla is one of those projects. ...

Joomla 3.9.16 is now available. This is a security release for the 3.x series of Joomla which addresses six security vulnerabilities and contains over 20 bug fixes and improvements.

Don't forget to backup your site first

What's in 3.9.16?

Joomla 3.9.16 includes 6 security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

• Low Priority - Core - SQL injection in Featured Articles menu parameters (affecting Joomla 1.7.0 through 3.9.15) More information »
• Low Priority - Core - CSRF in com_templates image actions (affecting Joomla 3.2.0 through 3.9.15) More information »
• Low Priority - Core - XSS in Protostar and Beez3 (affecting Joomla 3.0.0 through 3.9.15) More information »
• Low Priority - Core - Incorrect Access Control in com_templates (affecting Joomla 2.5.0 through 3.9.15) More information »
• Low Priority - Core - Identifier collisions in com_users (affecting Joomla 3.0.0 through 3.9.15) More information »
• Low Priority - Core - Incorrect Access Control in com_fields SQL field (affecting Joomla 3.7.0 through 3.9.15) More information »

Bug fixes and Improvements

• Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ and ‘ugc’ attributes #28055 
• Fields - Imagelist: Correct the display of the folder structure #16708
• Popular Tags Module fix #27745
• User - Contact Creator plugin: catid fixed #27949

Visit GitHub for the full list of bug fixes.

Download

 Welcome March This month not only ushers in spring (hopefully) but also we are starting to see the schedule come together.  JoomlaDay ChicagoOctober 17, 2020DePaul University Chicago Loop​  Thank You Sponsors​  Thank you Yellow Web Monkey for being a Gold Sponsor for this year's event.  YellowWebMonkey Web Design is a full...

Welcome February! We are eight months out from JoomlaDay Chicago 2020. The year has started off strong with our first sponsors and speakers signing up.  JoomlaDay ChicagoOctober 17, 2020DePaul University Chicago Loop​  Thank You Sponsors​ It is a pleasure to announce silver sponsors, The Turn Group and JoomlaStars. The Turn Group is a Joo...

Joomla 3.9.15 is now available. This is a security release for the 3.x series of Joomla which addresses three low security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.15?

Joomla 3.9.15 includes three security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

• Low Priority - Core - CSRF in batch actions (affecting Joomla 3.0.0 through 3.9.14) More information »
• Low Priority - Core - CSRF com_templates LESS compiler (affecting Joomla 3.0.0 through 3.9.14) More information »
• Low Priority - Core - XSS in com_actionlogs (affecting Joomla 3.9.0 through 3.9.14) More information »

Bug fixes and Improvements

• Beez Template: Fix the consent field modal #23205
• Action Log emails: Use of absolute URLs #27432
• TinyMCE fixes: #27498 #27519
• User email addresses: Case insensitive management #24117
• Prevent library extensions to overwrite core files #27300

Visit GitHub for the full list of bug fixes.

Download

JoomlaDay is all about information sharing. We want you to be apart of it. Click the link below and tell us what YOU would like to share with our community. If you're unsure, that's ok, we can help. Our past sessions have included: Women in codeChoosing the right CCKJoomla! OverridesJoomla! Template DesignLESSJoomla! and SEOJoomla! TipsBuilding a J...

JoomlaDay Chicago joins experts, global thought leaders, technologists and enthusiasts for a one-day conference at DePaul University - Loop Campus.Sessions are planned for beginners to experts, featuring top industry speakers and presentations capturing all aspects of Joomla capabilities. This is an exciting opportunity for you to associate your br...

2019 has come to a close and I am looking forward to the new year with all of you.  I've enjoy learning with and from you how to make Joomla! sites better, grow the business and share experiences. I am grateful to everyone who takes time out of their business day to attend sessions, present at sessions, share feedback, and support JUGCN.  ...