All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla!
1.0.10 contains the following important security fixes:
03 High Level Security Fixes
01 Medium Level Security Fixes
05 Low Level security
40+ General bug fixes
If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.10
1.0.10 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.
Security Fixes
Joomla! 1.0.10 Contains nine (09) fixes for High, Medium and Low Level Security Vunerabilities.
Cita:
High Level Vulnerabilities03 - HIGH Level Threats fixed in 1.0.10
A1 Unvalidated Input
A1 - Secured `Remember Me` functionality against SQL injection attacks
A1 - Secured `Related Items` module against SQL injection attacks
A1 - Secured `Weblinks` submission against SQL injection attacks
01 - MEDIUM Level Threats fixed in 1.0.10
A4 Cross Site Scripting
A4 - Secured SEF from XSS vulnerability
05 - LOW Level Threats fixed in 1.0.10
A1 Unvalidated Input
A1 - Hardened frontend submission forms against spoofing
A1 - Secured mosmsg from misuse
A1 - Hardened mosgetparam by setting variable type to integer if default value is detected as numeric
A4 Cross Site Scripting
A4 - Secured com_messages from XSS vulnerability
A4 - Secured getUserStateFromRequest() from XSS vulnerability
A1 Unvalidated Input
A1 - Secured `Remember Me` functionality against SQL injection attacks
A1 - Secured `Related Items` module against SQL injection attacks
A1 - Secured `Weblinks` submission against SQL injection attacks
01 - MEDIUM Level Threats fixed in 1.0.10
A4 Cross Site Scripting
A4 - Secured SEF from XSS vulnerability
05 - LOW Level Threats fixed in 1.0.10
A1 Unvalidated Input
A1 - Hardened frontend submission forms against spoofing
A1 - Secured mosmsg from misuse
A1 - Hardened mosgetparam by setting variable type to integer if default value is detected as numeric
A4 Cross Site Scripting
A4 - Secured com_messages from XSS vulnerability
A4 - Secured getUserStateFromRequest() from XSS vulnerability
1.0.10 fixes 2 High Level security vulnerabilities that affect all previous versions of Joomla! 1.0.x series.
All Joomla! users are advised to upgrade to Joomla! 1.0.10
New to Joomla! or starting a new site
Are you a new Joomla! user? Confused as to which of the 30 available packages to dowload?
The answer is simple. If you are creating a site for the first time, you will need the Full Package file:
1.0.10 Stable Full Package
The other packages are for those users who have already have an existing Joomla! site and wish to upgrade to the latest version.
Upgrade Instructions
Upgrading from any version of Joomla! 1.0.x to 1.0.10, simply involves overwriting your current sites files, with the files in the proper Patch Package that applies to your site.
So if you are running Joomla! 1.0.5, you will need the 1.0.5 to 1.0.10 Patch Package.
This can be done by either uncompressing the Patch Package and then using an FTP client to transfer these files to your server and overwriting existing file. If you find errors after the process, ensure that all files were properly transferred. There have been verified reports of some FTP clients not properly transferring files across to a server - without notifying the user of such a problem.
If your Web Provider gives you access to your site via some sort of Web Admin panel like CPanel or Plesk, you can use the syetems file manager to upload the Patch Package file to your server and then extracting the package file and overwriting all the files on your server.
More information can be found on the Forums and if at any stage you are unsure, then search the forums for posts on the subject. Most will be found in the Upgrading Forum.
Conversion Instructions
For those converting from Mambo 4.5.2.x or Mambo 4.5.3 please read these Migration instructions.
You will to need to download the Joomla 1.0.10 Full package.
Backing Up
Before undertaking an Upgrade or Conversion, it is extremely important that you backup your site Database and if possible, also you site files. While we try to ensure that an Upgrade or Conversion process is relatively straightforward, we cannot garuantee that this will always be the case for every user. So it is imperative that users take protective measures in case they face problems after the Upgrade or Conversion.
Package Integrity
To ensure the integrity of the files you are downloading, you are advised only to download from the 'Official Source' on the Ofifical Joomla! Forge. As an extra security measure we now make available the MD5 checksum values of the respective package files, to allow people to do integrity checking.
Packages
Joomla! 1.0.10 comes as a Full Package:
1.0.10 Stable Full Package
and Patch Packages:
1.0.0 to 1.0.10 Patch
1.0.1 to 1.0.10 Patch
1.0.2 to 1.0.10 Patch
1.0.3 to 1.0.10 Patch
1.0.4 to 1.0.10 Patch
1.0.5 to 1.0.10 Patch
1.0.6 to 1.0.10 Patch
1.0.7 to 1.0.10 Patch
1.0.8 to 1.0.10 Patch
1.0.9 to 1.0.10 Patch
Nota: luego estara en español.
Saludos y Buen Día
Gustavo Raúl Aragón
