[Update]This advice applies for both Joomla 3.4.6 and 3.4.7. They are patching the same file.
Joomla 3.4.6 was released today in order to fix a serious security vulnerability. For Joomla 3 users, updating is a simple one-click process from their admin area.
However, unlike previous security issues, this one applies not only to Joomla 3, but also to older versions including Joomla 1.5 and 2.5.
If you have sites running Joomla 1.5 or 2.5, follow these instructions to update today. According to security analysts, this vulnerability is being actively exploited, so please don't waste any time in updating.
How to make your Joomla 1.5 or 2.5 site safe
You need to update 1 file in order to fix your site. This is the key file:
You will need to login to your hosting company's servers via CPanel or FTP. You need access to the Joomla files, so you can’t do this via the Joomla administrator.
Here's the process you can use to update your site:
- Click here to download the update file for Joomla 2.5 or alternatively, click here for the Joomla 1.5 file. The files are different for each version, so please choose the correct one for your site.
- Extract the folder. You'll see a folder called "libraries".
- Login to your Joomla site via FTP.
- Browse to the /libraries/joomla/session/ folder.
- Replace the current session.php file with the new session.php that you just downloaded.