As part of our post-release review process for the 3.6.4 release, the Joomla! Security Strike Team has identified and confirmed an additional side effect of the issue resolved in security advisory 20161002 (CVE-2016-8869) and as such we have revised our assessment of this issue.
Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses three critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately.
This release only contains the security fixes and bug fix; no other changes have been made compared to the Joomla! 3.6.3 release.
Note: This announcement was revised on 27 October to include a third vulnerability confirmed after the release, please see this announcement for additional information.
What's in 3.6.4
Version 3.6.4 is released to address two critical security issues and a bug regarding two-factor authentication.
Security Issues Fixed
High Priority - Core - Account Creation (affecting Joomla! 3.4.4 through 3.6.3) More information »
High Priority - Core - Elevated Privileges (affecting Joomla! 3.4.4 through 3.6.3) More information »
High Priority - Core - Account Modifications (affecting Joomla! 3.4.4 through 3.6.3) More information »
Joomla! 3.6.3 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes a Backwards Compatibility Break we made in 3.6.2 with the article ordering. In addition there are a large number of minor improvements and bug fixes.
What's in 3.6.3
Joomla! 3.6.3 comes with more than 350 merged PR and small improvements in many areas. We have also updated the wysiwyg editors: