Joomla! 1.5.6 Released

ImageThe Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.
 
Release Notes
SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.
 
Manual Installation
For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:

/components/com_user/models/reset.php

/changelog.php

/includes/framework.php

/administrator/includes/framework.php

/libraries/joomla/version.php

/libraries/joomla/environment/uri.php

This patch will only update installations of Joomla 1.5.5. If you're using an earlier version, it is recommended you update prior to updating these files.

Joomla! 1.5.7 Goals

Due to the urgent nature of the Joomla 1.5.6 release, the following goals were pushed from version 1.5.6 to 1.5.7:

  •   Menu performance improvements
  •   Replacement of the Pear library
  •   Update of the OpenID library to v 2.0
  •   Consistency for 403 errors and "Register to Read More" functionality
  •   Identify and fix Form Redirects that do not have SEF URLs
  •   Expand Automated URL testing scenarios
  •   Recruit Bug Squad members who use Joomla with non-English languages, especially those who use a RTL language
  •   Introduction of Unit Testing
  •   Continue working on the //TODO tags in source code