The Joomla Project is pleased to introduce a new team focused solely on managing and improving Joomla security—the Joomla Security Strike Team—and their new home at the Joomla Security Center.

The JSST replaces the previous Joomla Security Team by assembling a top-notch group of Joomla experts, complemented by security talent recruited from outside Joomla. Together, part of their goal is to investigate and respond to security matters.

Be first to comment this article | Quote this article on your site | E-mail

This morning, Joomla.org was defaced a few hours after releasing our new design. This is not a new security issue, but only poor system administration practices on our part. When we updated our Web sites with the Joomla 1.5.6 security fix released yesterday, we simply forgot to update one of our small, non-public development sites.

Now, we could offer many excuses why it was overlooked—we were focused on fixing this vulnerability, creating the packages, and getting the word out. But the truth is, there is no excuse. This is an obvious and sobering reminder to the Joomla Project that staying current with upgrades is the most important step towards protecting your Web site.

Nothing but good will come of this experience. There's nothing like first hand experience to remind us of the trust our end user community places in us and the importance of working harder and smarter towards improving security.

Please, upgrade to Joomla 1.5.6 now, if you have not already done so. In retrospect, we wish we'd followed our own advice more diligently.

Be first to comment this article | Quote this article on your site | E-mail