• News

    The latest info on JoomlaCamp and JoomlaDay Chicago

JoomlaDay Chicago and JoomlaCamp Chicago News

4th of July Sale - Tickets $40 for 4 Days

4thjuly

In honor of the 4th of July holiday, we're offering a chance for you to purchase JoomlaDay Chicago tickets for $40 for 4 days, July 4th thru July 7th. Bring your team or clients for more savings.

Don't delay!  There is limited space for sessions, exam and networking.  The event is located in the heart of Chicago, The Loop.  Get your tickets now.

Pricing valid July 4th through July 7th 11:59pm only.

  296 Hits
  0 Comments
296 Hits
0 Comments

JoomlaDay Texas September 28, 2019

jdayTXLOGO-header

JoomlaDay Texas will be in the Live Music Capital of the World, Austin, TX!  The event will be on Sepember 28, 2019, a little less than a month before our own JoomlaDay event.  

Each year the JoomlaDay Texas event rotates throughout Texas.  In 2018, it was held in Houston.  Through events like JoomlaDay we strength the Joomla! community, meeting, sharing, learning, and supporting each other - beginners to seasoned advanced users/developers.

Learn more at https://www.joomladaytexas.com/

  216 Hits
  0 Comments
216 Hits
0 Comments

JWC Speakers Confirmed

jwclogo-410

The Joomla! World Conference is November 8-10, 2019 in London UK at the Ilec Conference Center.  The main stage speakers have been confirmed.  This three-day conference includes a full day of workshops and 2 days of 4 track conference sessions.  Speakers include Joomla 4 Release Lead, George Wilson, Joomla President Rowan Hoskyns Abrahall, and more.

Joomla World Conference, or JWC, is in its 7th season and is an event the brings like minded individual together to meet, learn, share, and connect.  

For more information and buy tickets, go to: conference.joomla.org

  276 Hits
  0 Comments
276 Hits
0 Comments

Our Keynote Speaker - Jason Nickerson

2019-keynote-speaker-nickerson

In a few short months will be 2019 JoomlaDay Chicago.  This year's Keynote Speaker is Jason Nickerson. 

Jason is a Joomla! volunteer and contributor. He currently heads up the Legal and Finance department of OSM, Open Source Matters, and has been the organizer of the Tampa Joomla Users Group and the annual JoomlaDay Florida. Jason's latest position is with the cPanel Community Team as an event planner working on the cPConference and with cPanel sponsored events like JoomlaDay Chicago.

 

  309 Hits
  0 Comments
309 Hits
0 Comments

Joomla 3.9.8 Release

Joomla 3.9.8 Release

Joomla 3.9.8 is now available. This is a bug fix release for the 3.x series of Joomla which addresses one bug introduced into 3.9.7 which affects web sites using the French Help Server.

What's in 3.9.8?

Joomla 3.9.8 is fixing one bug introduced into Joomla 3.9.7, due to the removal of the French Help Server.

Visit GitHub for more information about this issue.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.8 release.

Continue reading
  278 Hits
  0 Comments

Copyright

© Joomla.org

278 Hits
0 Comments

Joomla 3.9.7 Release

Joomla 3.9.7 Release

Joomla 3.9.7 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 40 bug fixes and improvements.

What's in 3.9.7?

Joomla 3.9.7 includes three security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - CSV injection in com_actionlogs (affecting Joomla 3.9.0 through 3.9.6) More information »
  • Low Priority - Core - XSS in subform field (affecting Joomla 3.6.0 through 3.9.6) More information »
  • Low Priority - Core - ACL hardening of com_joomlaupdate (affecting Joomla 3.8.13 through 3.9.6) More information »

Bug fixes and Improvements

  • Batch system: Copy permissions of modules #24737 and categories #24730
  • Progessive cache improvements #20310
  • Fix to avoid duplicated custom fields in com_content #24516
  • RTL improvements #23107 #24722
  • Removal of the unofficial French Help Server #24927
  • TinyMCE improvements: #24978 #25037
  • RSS: Fix to display the right category #24932
  • Media Manager: Fix directory traversal for symlinked folders #24924
  • User registration: Correct http schema used #24089

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.7 release.

Continue reading
  272 Hits
  0 Comments

Copyright

© Joomla.org

272 Hits
0 Comments

Thank You JoomlaShine for Your Support

spn-joomlashine

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  

Thank you JoomlaShine for being a GOLD SPONSOR for this year’s event.

Tirelessly serving the Joomla community providing templates and extensions since 2007.

For more information about JoomlaShine, go to: joomlashine.com.

  230 Hits
  0 Comments
230 Hits
0 Comments

Have You Seen Our Video

joomladay

With the help of Joomla.org, we have a new video for this year's JoomlaDay Chicago event. View. Register. Share.

  191 Hits
  0 Comments
191 Hits
0 Comments

Thank You JoomlaShack for Your Support

spn-joomlashack

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  

Thank you JoomlaShack for being a SILVER SPONSOR for this year’s event.

Since 2005, Joomlashack has provided Joomla templates, Joomla extensions, and Joomla training for more than a million Joomla sites. Joomlashack develops some of the most popular and innovative extensions in Joomla, including OSMap, JCal Pro, OSMeta and OSEmbed.

For more information about JoomlaShack, go to: joomlashack.com.

  233 Hits
  0 Comments
233 Hits
0 Comments

We're Honored to Have Platinum Sponsor cPanel

spn-cpanel

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  

We are honored to have cPanel as PLATINUM SPONSOR and LANYARD SPONSOR for this year's event. 

Founded in 1997, cPanel has been powering the internet ever since.  cPanel has a strong sense of community and giving back, collaborating in ways to empower the community.  

For more information about cPanel, go to: cpanel.net.

  236 Hits
  0 Comments
236 Hits
0 Comments

Thank you JoomShaper for your support!

2019JoomlaDayChicago-Logo-JoomShape_20190522-213427_1

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  We thank JoomShaper for supporting our event by becoming a GOLD SPONSOR.  

JoomShaper is a professional web development team focused on open-source Content Management System (CMS) Joomla!  They are also a huge supporter of Joomla! by sponsoring events for several years.  They have numerous extensions and templates as well as page builder with great features.  

For more information about JoomShaper, go to: joomshaper.com 

  336 Hits
  0 Comments
336 Hits
0 Comments

Marketing & Communication Department Coordinator Election Result

Rachel-Walraven

We are happy to announce that the election for the replacement for the Marketing & Communications Department Coordinator has been completed.

Marketing & Communications
Department Coordinator

Rachel Walraven


Reference:

Thank you!

  197 Hits
  0 Comments

Copyright

© joomla.org

197 Hits
0 Comments

JED Server Security Incident Report

breach

Following a server level compromise of the Joomla! Extensions Directory (JED), we would like to provide our community a postmortem summary of the events leading to this issue, the response from the Joomla project team members, and a plan of action moving forward to prevent a similar type of issue in the future.

In summary, this was a preventable compromise, and after analysis, we have no reason to believe that any user data has been accessed improperly.

Issue Notification

  • At approximately 09:30 UTC on 15 May 2019, a security researcher notified the Joomla Security Strike Team (JSST) that they had discovered an internal Jenkins CI server used by the JED to deploy updates to their live and staging websites and were able to exploit CVE-2018-1000861 on the server, providing a screenshot of a sensitive file as proof of the exploit.  
  • Upon notification, JSST members worked with JED team members to bring the affected Jenkins system offline and conduct an analysis of whether this server had been compromised in other ways.

Systems Audit

  • While investigating the Jenkins server compromise, it was found that a crypto-miner had been installed and was running on the server.  A crypto-miner is a software script used to create digital currencies via abuse of server resources (CPU and memory).
  • As part of the installed software, a script was found to have been added to the server’s crontab that would attempt to connect to other servers in the local network and install the same miner.  
  • Since the Jenkins server was used to deploy site updates, the script was able to access the production JED server and install itself there.
  • Once it had been discovered on the JED server, steps were taken immediately to bring all services on the affected servers offline and access was restricted to privileged individuals in order to conduct a full root-cause analysis and to begin executing a recovery plan.
  • In parallel, the other servers hosting the joomla.org architecture were audited to ensure they had not been compromised as well, and it was determined that only the JED’s servers were affected.
  • An analysis was performed on the production JED server to determine the scope of the compromise, including when the server was presumed to be breached and what resources may have been accessed.  
  • The analysis concluded that the crypto-miner had been installed on the evening of 11 May 2019 and that there was no evidence of improper data access (including access to uploaded extension packages sent to the JED Checker and the site’s database).
  • With the analysis concluded, the compromised server was decommissioned with a replacement server activated and a file backup from 10 May 2019 and database from 15 May 2019 restored to the new server.  
  • The restoration process was completed on 16 May 2019 with the JED team taking action to re-apply pertinent user actions performed between the backup date and the time the JED was discovered to be compromised.

Plan of Action

As a result of the server compromise, several steps are being taken to ensure the security of our servers and our user’s data.  

  • First, the compromised Jenkins server is scheduled to be permanently decommissioned with the JED migrating to one of the other CI servers used by Joomla in order to eliminate a redundant resource.  
  • Second, all administrative access (server level passwords and SSH keys) are being reset.  
  • Third, out of an abundance of caution, all remember me tokens will be invalidated, and all registered users will be required to reset their passwords.  
  • Lastly, we will be reviewing our internal workflows and procedures and improving our policies and the security features made available to our users across all joomla.org subdomains (such as enabling two-factor authentication on all sites).

Questions and Answers

Q: What was the cause of the compromise?
A: A Jenkins server used to deploy updates to the JED’s production and staging websites, had not been updated to apply a security patch, resulting in the Jenkins server and the JED production server being compromised.

Q: What was the objective of the compromise?
A: According to the analysis, the crypto-miner was installed on the evening of 11 May 2019 and ran until it was detected on 15 May 2019. The crypto-miner abused server resources (CPU and memory) to mine digital currency.

Continue reading
  240 Hits
  0 Comments

Copyright

© joomla.org

240 Hits
0 Comments

Joomla 3.9.6 Release

Joomla 3.9.6 Release

J

oomla 3.9.6 is now available. This is a security fix release for the 3.x series of Joomla which addresses two security vulnerabilities and contains over 25 bug fixes and improvements.

What's in 3.9.6?

Joomla 3.9.6 includes two security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - XSS in com_users ACL debug views (affecting Joomla 1.7.0 through 3.9.5) More information »
  • Low Priority - Core - By-passing protection of Phar Stream Wrapper Interceptor (affecting Joomla 3.9.3 through 3.9.5) More information »

Bug fixes and Improvements

  • Media Manager: Fix logic in file upload check introduced in 3.9.5 #24637
  • Edge Chromium support added #24379
  • User Notes: Fix date format #24529
  • Frontend editing: article category editable by Publishers and up #24640
  • Cache: Cache folder automatically created if it doesn’t exist #21952
  • PostgreSQL database improvements #24682 #24683 #24652

Visit GitHub for the full list of bug fixes.

Download

Continue reading
  316 Hits
  0 Comments

Copyright

© Joomla.org

316 Hits
0 Comments

Discount Tickets for May 4th

discount-may4th

As a big Star Wars fan could not resist offering a discount on May 4th.  Until 11:59 pm on May 4th, tickets for the JoomlaDay Chicago sessions and the Joomla Review sessions for the exams will be $40.

REGISTER NOW 

  269 Hits
  0 Comments
269 Hits
0 Comments

Get Your Tickets NOW

jday-earlybird-june30

The 2019 JoomlaDay Chicago event will be here before you know it.  The event will include great sessions by knowledgeable speakers and the JoomlaDay exam.  As you may have seen in our We Have a Venue post, we will be at DePaul University, this time in the Chicago Loop. Information on the venue is on our site to help you find a place to stay as well as directions for getting to us.

Our Call for Speakers gave us some fantastic presentations.  The schedule will be posted shortly but the confirmed speakers are on our home page. Early bird pricing for the sessions is available now.  Get your ticket TODAY. 

For those looking for the Joomla Certification Exam, we offer a review followed by the exam.  

Did. you know that JoomlaDay Events are self-funded?  Yep!  They are fully funded through ticket sales and the support of the Joomla community through sponsorship from $50 to $1000.  Be a Sponsor TODAY.

Stay Tuned for more details on our 2019 JoomlaDay Chicago event.

  385 Hits
  0 Comments

Copyright

© image credit: Carrie Dodt

385 Hits
0 Comments

Joomla 3.9.5 Release

Joomla 3.9.5 Release

Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.5?

Joomla 3.9.5 includes three security vulnerabilities fixes and several bugs and improvements, including:

Security Issues Fixed

  • Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4) More information »
  • High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4) More information »
  • Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4) More information »

Bug fixes and Improvements

  • User Password: Add minimum lowercase rule for password validation #24230
  • Associations tab: Fix wrong behaviour of Indonesian language #24244
  • Debug language: Fix User Actions Log Manager #24178
  • New installation language: Kazakh #24233
  • Google Authenticator plugin (2FA): QR-code generator implemented #24255

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.5 release.

Continue reading
  309 Hits
  0 Comments

Copyright

© Joomla.org

309 Hits
0 Comments

Because Open Source Matters … and Domains too!

Because Open Source Matters … and Domains too!

It’s an exciting day for The Joomla Project and BRANDIT! 
As the consolidation and packaging of web services move forward, we are happy to announce the official launch of our domains platform (powered by BRANDIT), domains.joomla.org.

Every website starts with a domain name, and by offering domains directly from Joomla.org, our users gain a new way to help build their online presence whilst helping the project financially.  

Domains.joomla.org is a full domain registry service that gives Joomla a direct connection to TLD’s and Registrars. 
This partnership opens up new opportunities for sponsorship and special offers to the Joomla Community.  
As we launch the platform, two registrars have already sponsored several JoomlaDays, and BRANDIT has become a Platinum Sponsor of the Joomla Project.

Whether you are looking for a new domain name or to transfer your existing domain portfolio, Domains.joomla.org is the perfect platform. Offering you a wide range of TLDs alongside a robust and intuitive industry leading control panel for domain management.  

It is that simple, get started today, together Joomla and BRANDIT make your domains feel at home!

Benefit from the special Offers for the launch!

.com

9.99€ for the first year and transfers

.club

0,99€ for the first year

.at

9.99€ for the first year
 
  259 Hits
  0 Comments

Copyright

© Joomla.org

259 Hits
0 Comments

Call for Speakers!

callforspeakers

JoomlaDay is all about information sharing. We want you to be apart of it. Click the link below and tell us what YOU would like to share with our community. If you're unsure, that's ok, we can help.

Our past sessions have included:

  • Women in code
  • Choosing the right CCK
  • Joomla! Overrides
  • Joomla! Template Design
  • LESS
  • Joomla! and SEO
  • Joomla! Tips
  • Building a Joomla Component
  • and more

All that we ask is that it be related to Joomla!, Web Design/Development, Web Agency, Business, or Marketing.   JoomlaDay Speakers receive free admission to the event and treated to a speaker's dinner.  Space is limited.

Sign-up Today! to be JoomlaDay Chicago 2019 Speaker

  323 Hits
  0 Comments
323 Hits
0 Comments

Joomla 3.9.4 Release

Joomla 3.9.4 Release

Joomla 3.9.4 is now available. This is a security fix release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.

What's in 3.9.4?

Joomla 3.9.4 includes 4 security vulnerabilities fixes and several bugs and improvements, including:

Security Issues Fixed

  • High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3) More information »
  • Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3) More information »
  • Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3) More information »
  • Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3) More information »

Bug fixes and Improvements

  • User Terms (#23787) and Privacy Consent (#23660) plugins: Layouts for the label and message added
  • Featured articles: Page subheading added #23583
  • Custom formfield layout paths simplified #22645
  • Com_contact: Contact name field moved out of the Contact Information block #23563
  • Custom module: Improvement of the frontend editing #23741
  • Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged

Visit GitHub for the full list of bug fixes.

Download

Upgrade Packages

Upgrade Packages
Joomla 3 upgrade packages

Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.4 release.

Continue reading
  323 Hits
  0 Comments

Copyright

© Joomla.org

323 Hits
0 Comments

Joomla! Volunteers Portal