The Joomla Project is pleased to introduce a new team focused solely on managing and improving Joomla security—the Joomla Security Strike Team—and their new home at the Joomla Security Center.

The JSST replaces the previous Joomla Security Team by assembling a top-notch group of Joomla experts, complemented by security talent recruited from outside Joomla. Together, part of their goal is to investigate and respond to security matters.

JSST leader Anthony Ferrara is excited about what this means for Joomla security. "We're already well into our first mission—a low-level code audit and a deeper look into every reported vulnerability since 1.5.0 alpha."

The new JSST will call the new Joomla Security Center their home base. The Security Center provides a public presence for security issues and a platform for the JSST to help the general public better understand security and how it relates to Joomla. The Security Center also offers users a clearer understanding of how security issues are handled. There's also a news feed, which provides subscribers an up-to-the-minute notification of security issues as they arise.

"The Joomla Core Team has been planning a new security team for a few months now in order to improve efficiency and effectiveness. The previous team worked in relative isolation, but the new Strike Team will have a strong public-facing presence," said Ferrara.

But the JSST won't stop there. They fully expect the Joomla community to do its part in reporting vulnerabilities and have created a form for such reports. For each verified security issue reported, the JSST will send the user a free Joomla t-shirt.

Ferrara said, "Security is a perpetual process. We're going to make Joomla even better than it already is."

1. More user-centric design: The top portion of the home page focuses on directing users in Joomla's three primary user groups: Beginner, Intermediate & Advanced. These are three top-level "funnels" for quickly getting users to relevant content.
2. Consolidation of resources: As the previous sites grew, the architecture became more convoluted and pages with redundant resources were created or, conversely, related information was strewn across several pages. A consolidation of information should help users more logically find what they need.
3. More resources brought up to the home page: The previous home page gave users Joomla news and not much more. The lower portion of the new home page brings forward content from many of Joomla's most important aspects. Repeat visitors can get the latest information from a multitude of sources all at a glance.
4. More overall integration: Each of the Joomla sites has differing approaches to resolving unique informational and navigational aspects. When taking into consideration the evolution and overall growth of our group of sites, we have taken a hard look of the complexities and how to resolve those in a manner to give the best user experience.
5. Compliance with W3 standards: Joomla template pages validate according to the XHTML 1.0 Transitional standard. Check it out.

1. Joomla Shop at shop.joomla.org - Update planned by next week.
2. Joomla Demo at demo.joomla.org - Update planned by next week.
3. Joomla Community Portal at community.joomla.org - Coming soon.
4. Joomla Developer Network at developer.joomla.org - Coming soon.
5. Joomla Extensions Directory at extensions.joomla.org - Coming soon.
6. Joomla Discussion Forums at forum.joomla.org - Coming soon.
7. Joomla Documentation Wiki at docs.joomla.org - Coming soon.

The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

For more information about this exploit, click here to visit the Joomla Security Blog.

Instructions

• New installation
• Upgrade from an existing Joomla! 1.5 version
• Migration from Joomla! 1.0.x
• See below for manual installation instructions

Download the Joomla 1.5.6 full package now

Download update packages

Release Notes

• SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.

Manual Installation

Download the Joomla! 1.5.6 Security Patch changed files only

For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:

		components/com_user/models/reset.php
		changelog.php
		includes/framework.php
		administrator/includes/framework.php
		libraries/joomla/version.php
		libraries/joomla/environment/uri.php

This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.

The August 2008 Joomla Community Magazine is available now and it's loaded with cool stuff about the World's Greatest Open Source CMS. (Biased? pfff!) Month after month, you will find articles on Joomla 1.5 Web sites, GPL-compatiable extensions, events, communities around the world, ways to get involved, learning resources for beginners, site integrators, and developers, and the latest buzz on what's happening in the Joomla! project.

What kind of buzz, you ask? Well, this month, it's all about JoomlaConnect™, a brand new service that aggregates Joomla! community news from all around the world. Joomla Core Team member and Communications Team Lead Louis Landry developed this nifty new tool for us to use. So, if you are interested in some RSS action, get your blog firing J!, and see Getting Connected to JoomlaConnect.

Feature Articles

This month, Joomla Core Team member and Development Working Group Coordinator, Andrew Eddie kicks off the Features Section by revealing an encouraging external market survey that shows Joomla!, WordPress, and Drupal as leading Open Source CMSs worldwide. Hat tip to our friends and partners in free software. Andrew also discusses training resources for developers and calls on the faithful to lend a hand updating our dev doc. Come on, it'll make you feel good.

This is very cool --> International award winning author and illustrator Sarah Verroken shares her creative process that resulted in a captivating Joomla 1.5 Web site showcasing her unique and beautiful work. Then, more cool design --> Per Andre Ronsen combines creative talents in theology, music, and design into a hot Joomla 1.5 Web site for Soul Kids.

This month's Joomla Forum Member of the Month is Marieke van der Tuin, undeniably one of the hardest working contributors in all of J! land. Oh, and make certain to check out the great, new GPL'ed extensions highlighted by our very own Toni Marie.

Involved Community

Joomla is powered by an involved community all around the world. Case in point, Vancouver Joomla Day organizer Wendy Robinson shares Ten steps to a successful event. On the other side of the planet, Chorn Sokun and John T Denny highlight what's going on with the Cambodian Joomla! community. Then, from San Francisco, Ron Severdia, founder of PlayShakespeare.com, discusses his Joomla 1.5 site, also the subject of his recent CNN Comcast Newsmakers interview.

Then, Joomla! developer, Alan Langford of Toronto shares a thoughtful piece on why he participates in Open Source and Google Summer of Code participant, Mostafa Muhammad sends Greetings from Wikimania 2008 in Egypt. Core Team member and Fundraising Team Lead, Michelle Bisson, (Wait a minute! Isn't that a lot of Mounties?) invites the community to support Joomla! financially. Give until it hurts. Well, at least give, if you are able, knowing every little bit helps...

Joomla Learning

There are several great articles aimed at skill development for Joomla community members. Those just starting with Joomla 1.5 are encouraged to read the Learning Joomla using Sample Data written by Mark Dexter. Site Integrators will get good value from Sam Moffatt's Improve the Security of your Joomla Administrator article; practical tips from Andrew's Legacy Mode in Joomla 1.5 and Search in Joomla 1.5 pieces; and inspiration from J! talent Jennifer Marriott's Resources for Designers article.

For developers, Jens-Christian Skibakk's tutorial entitled Creating a single package for Admin and Site Languages will help you take advantage of recent Installer improvements introduced by Jens. If you are geek enough, check out the tutorial Dynamic loading of lists using AJAX in a MVC component written by the very talented, Mathieu Chauvinc.

Joomla Project

Really good effort from the Joomla! project this month. Development Working Group Leads Sam Moffatt and Anthony Ferrara share this month's release updates on Joomla 1.5.4 and 1.5.5 . The Joomla! Extensions Directory takes the Working Group spotlight -- and exceeds 3,500 Joomla Extensions! And, finally, there is that very cool announcement about JoomlaConnect™.

Next month?

Much more, and even a bit more on top of that. So, come back and get some. September's line up is all firmed up but if you are interested in sharing an article with the Joomla Community Magazine for October, we might have a spot for that. Just contact us at [email protected]  and let us know what you would like to share. Until then, have fun with Joomla.