Joomla! 1.0.7 released!

Joomla! 1.0.7 [ Sunburst ] is now available as of Sunday 15th January 2006 21:00 UTC for download here. 1.0.7 is essentially 1.0.6 repackaged to fix one major bug in 1.0.6 - therefore it should still be considered a Security Release. It contains nine (9) `Low Level` Security Fixes, and seventy (70) plus minor/non-critical bug fixes.

We recommend that you upgrade to this version. If you are running 1.0.6 you MUST upgrade to 1.0.7.

1.0.7 is available as a Full Package, which contains all Joomla! files and a Patch Package which contains only the files that have been changed by the Security & Bug Fix work conducted.

To ensure the integrity of the files you are downloading, you are advised to download only from the 'Official Source' on the Official Joomla! Forge. As an extra security measure we now make public the MD5 checksum of the respective package files to allow people to do integrity checking.

1.0.7 Changelog
1.0.7 Version Information
1.0.7 File MD5 checksums
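
The integrity check described above can be scripted. The following is an added example, not code from the Joomla! project; it assumes the published checksums have been saved in md5sum-style lines ("<md5>  <file name>"), and the file names and contents in the demo are constructed placeholders.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+\*?(.+)$")

def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large packages are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines ('<32 hex>  [*]<file>') into {file name: lowercase digest}."""
    expected = {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = MANIFEST_LINE.match(line)
        if match is None:
            raise ValueError(f"manifest line {number} is not '<md5>  <file>'")
        expected[match.group(2).strip()] = match.group(1).lower()
    return expected

def verify_packages(manifest_text, download_dir):
    """Map each listed file to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, wanted in parse_manifest(manifest_text).items():
        # Use only the base name so a manifest entry cannot point outside download_dir.
        path = Path(download_dir) / Path(name).name
        if not path.is_file():
            results[name] = "missing"
        else:
            same = hmac.compare_digest(md5_of_file(path), wanted)
            results[name] = "ok" if same else "mismatch"
    return results

if __name__ == "__main__":
    # Constructed demo: placeholder file name and bytes, not real Joomla! packages.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "example-package.zip"
        sample.write_bytes(b"constructed sample bytes")
        listing = f"{md5_of_file(sample)}  {sample.name}\n{'0' * 32}  example-patch.zip\n"
        print(verify_packages(listing, tmp))
```

A result of 'ok' only shows that the file agrees with the checksum list, so the list itself has to be taken from the official source as well.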

Security Vulnerabilities

Joomla! 1.0.7 contains nine (9) fixes for Security Vulnerabilities.

Low Level Fixes

  • Disallow Author from publishing items or changing publish state
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Hardened Contact Component against misuse
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Added simple filtering control ability to Contact Component
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Hardened misuse of Contact Component `email copy` ability when not activated
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Hardened misuse of Contact Component `VCard` ability when not activated
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • `VCard` & `Email Copy` options set to hide by default
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Hardened Itemid against misuse
    - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
  • Multiple Vulnerabilities in TinyMCE Compressor
    - Affects all Joomla! 1.0.4 & 1.0.5

Non-Critical Bug Fixes

1.0.7 contains a fix for a bug in 1.0.6 that would overwrite the database password with a blank value when `saving` in the global configuration area. This release also contains a fix for a SEF problem in Joomla! 1.0.5, and it is highly advised that if you are running SEF you upgrade to this version.
Apart from that there are 70+ non-critical bugs that have been fixed.

Package Format

To cater for the widest range of users, the package files are now available in three (3) compression file formats: Due to technical difficulties 1.0.7 Packages are currently available only in zip format.
Once our technical problems have been resolved, packages will be available in tar and bzip2 formats.

Upgrade Instructions

Conversion Instructions

For those converting from Mambo 4.5.2.x please read these Migration instructions.
You need to download the Joomla 1.0.7 Full package.


The continued success of Joomla! is a partnership between the community and the Joomla! Team and 1.0.6 is another testimony of the strength of this cooperative endeavour.  Thank you to the community for the assistance in helping us improve Joomla 1.0.x and making it more stable.
This has been more than amply demonstrated in the community's patience with the problems in the 1.0.6 release and the quick response in identifying the problem.


Apology

I accept full responsibility for the error in 1.0.6 that has caused 1.0.7's immediate release. It was me who introduced the code (after the Beta had been released to the coders) and it was me who had final responsibility for testing and packaging 1.0.6. I remain fully committed to ensuring the quality of the Joomla! table code base and rest assured an examination of how to improve procedures will be conducted - Rey



Rey Gigataras [stingrey]
Joomla! Software Coding and Design
Stability Team Leader