The H-Online: Versions 1.7.5 and 2.5.1 of the open source Joomla! content management system (CMS) have been released to address two information disclosure vulnerabilities. These include one medium severity problem in Joomla! 1.7.x that could allow an unauthorized user to gain access to the error log stored on a victim’s server, and, in both versions, an inadequate validation problem that could be exploited to gain access to private data. The update to Joomla! 2.5, which arrived last month, also fixes 30 bugs, including one that caused batch processing to break.
Version 2.5.0 and the 1.7.x branch up to and including 1.7.4 are affected; upgrading to 2.5.1 and 1.7.5 fixes these problems. However, the developers remind users that the 1.7.x branch will reach its end of life on 24 February 2012. All users are advised to upgrade to the current release; upgrade instructions are provided.
More details about the update can be found in the official release announcement and in the security advisories. Joomla! 2.5.1 is available to download from the project’s site and is licensed under the GPL. The Joomla! Project is sponsored by Open Source Matters, Inc., a non-profit organization.