The Joomla! Security Strike Team (JSST) have just made this announcement and we've updated our client's websites accordingly.
Joomla! 4.2.8 is now available. This is a security release for the 4.x series of Joomla! which addresses a critical security vulnerability in the web services API. We strongly recommend that you update your sites immediately.
I cannot remember the last time there was a High Severity, Critical Impact update required for Joomla, which just goes to show what a reliable and secure content management system it is, trusted by over 1 million organisations around the world and more than 35,000 in the UK.
This is due to a highly committed and well-organised team of security experts dealing with these security issues and rapidly releasing fixes.
Due to the severity of this security issue, it is essential you update your Joomla 4.x site without delay as we have just done for our clients.
The JSST have also strongly advised the following:
After the release, we strongly advise you to renew the passwords for all credentials that are stored in the global site configuration, namely:
So here are my tips on how to change the database user password without potentially breaking your website:
- Using an FTP client (FileZilla is great), download a copy of configuration.php and edit it, changing the value of public $password = 'xxxxxxxxxxxxxxxxx'; to a new password and save this file.
- Rename it configuration-edit.php and upload back to the server.
- Edit the database user password in cPanel->MySQL® Databases page.
- Now using your FTP client, delete the configuration.php file on the server and rename configuration-edit.php to configuration.php.
- Very important - Change the file permissions of configuration.php now to 444.
- Check the website still works!
We maintain numerous Joomla websites for our clients, ensuring they are always secure and performing well.
If you need any help with maintaining your Joomla website or want a quote to upgrade it to Joomla 4, please contact us below.