Joomla Security Update 3.6.2
written: 11.08.2016 | by: Maria | in: Blog
A new core XSS vulnerability, an ACL violation and a CSRF problem were discovered in Joomla versions 1.6.0 through 3.6.0. As a Joomla administrator you should have been notified by your website about this update. But updating is not straightforward this time.
The update notification for version 3.6.0 should appear in your Control Panel if you are still on 3.5.1. (If you get the notification for 3.6.2, make sure you have updated the Update component first as described in “next step”.)
The first step is to install this update; it should run through without any problems.
BUT, always do a backup first, you never know what could go wrong. NEVER EVER update a live site without a backup!
The next step is to update Joomla's own update component. Please navigate to “Extensions” -> “Manage” -> “Update” and, if necessary, click on the button “Find Updates”; the “Joomla! Update Component Update” should then appear on the list. Update this one first.
After this update is finished, navigate again to your Control Panel and you should see the notification for the Joomla 3.6.2 update.
With the updated Joomla Update Component the update should work fine, but not on every server. If you get a 500 server error, or just a reload of your Control Panel after pressing update now, it is possibly caused by one of the installed components.
The components reported so far are Akeeba Backup and Komento. If you have them installed, please try to disable them and then run the update again.
Some users have also reported that they could manually install the update via “Components” -> “Joomla Update” -> Tab “Upload & Update”. For a manual update you can download the zip file from Joomla.org or directly from the linked zip file in the “Live Update” tab.
Don’t forget to empty the cache and check your site after the update.
Unfortunately there is not (yet?) a patch available for the old Joomla 2.5.x versions, and I assume there will be none. The security vulnerabilities are categorized as low and medium, so there is no need to panic yet, although an update to Joomla 3.6 is highly recommended.
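As an added example (not part of the original post, and not Joomla's own code), the update path described above can be written as a small Python check that reads a site's core version and returns the steps from this post that apply to it. It assumes the version is stored in the `<version>` element of administrator/manifests/files/joomla.xml; the sample manifest and all function names are constructed for illustration.

```python
import os
import re
import sys
import xml.etree.ElementTree as ET

# Assumption: the core version is the <version> element of this file under the site root.
MANIFEST = "administrator/manifests/files/joomla.xml"
AFFECTED_FROM, AFFECTED_TO, FIXED = (1, 6, 0), (3, 6, 0), (3, 6, 2)  # versions named in the post

# Constructed sample manifest (not copied from a real site).
SAMPLE_MANIFEST = """<extension type="file" method="upgrade">
  <name>files_joomla</name>
  <version>3.5.1</version>
</extension>"""

def parse_version(text):
    """'3.5.1' -> (3, 5, 1); missing parts count as 0, a '-rc1' style suffix is ignored."""
    nums = re.findall(r"\d+", text.split("-")[0])
    if not nums:
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(n) for n in nums[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def manifest_version(xml_text):
    """Read the installed core version out of the manifest XML."""
    node = ET.fromstring(xml_text).find("version")
    if node is None or not (node.text or "").strip():
        raise ValueError("manifest has no <version> element")
    return parse_version(node.text.strip())

def update_plan(version):
    """Map an installed version to the steps the post gives for it."""
    if version >= FIXED:
        return ["already on 3.6.2 or later"]
    if version < AFFECTED_FROM:
        return ["below the affected range (1.6.0 through 3.6.0)"]
    if version[:2] == (2, 5):
        return ["no patch for 2.5.x; update to Joomla 3.6 recommended"]
    if version < (3, 0, 0):
        return ["affected branch the post gives no steps for"]
    steps = ["back up the site"]
    if version < AFFECTED_TO:
        steps.append("install the 3.6.0 update")
    return steps + ["update the Joomla! Update Component",
                    "install the 3.6.2 update",
                    "empty the cache and check the site"]

if __name__ == "__main__":  # optional argument: path to a site root
    xml_text = open(os.path.join(sys.argv[1], MANIFEST)).read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    print("\n".join(update_plan(manifest_version(xml_text))))
```

Run without arguments it prints the plan for the constructed 3.5.1 sample; given a site root as its argument it reads that site's manifest instead.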
Hope this was helpful, please let me know if you run into any problems!