JoomlaDay Chicago and JoomlaCamp Chicago News

The 2019 JoomlaDay Chicago schedule is now live on our site.  We have some fantastic sessions to help you build a better Joomla! site.  The day includes informational sessions, Panel Discussion with our speakers, exam review sessions, and the Joomla Certification Exam.

There is one spot remaining.  We are working to fill it in the next few weeks.  Got ideas?  Let us know.

Our speakers bring varied experiences and we appreciate them giving of their time to share them with us and all of you. The topics are for beginners and beyond.  The only requirement for you to attend is an interest in learning more about Joomla!  

The day begins with welcome address from SD Williams and Keynote Address by Jason Nickerson a long-time Joomla Community member.  Jason will also discuss how to Optimize Everything on your site later in the day.

For many, building Joomla sites is not a hobby but a business, Joe Sonne, a long-time Joomla Community member, will share insights and tips on Building a Successful Joomla Based Business.

Joomla 3.9.10 is now available. This is a bug fix release for the 3.x series of Joomla which addresses one bug introduced into 3.9.9, affecting template styles of multilingual web sites.

What's in 3.9.10?

Joomla 3.9.10 is fixing one bug introduced into Joomla 3.9.9 which affects the template styles of multilingual sites and results in lost data.

Please read this JDocs FAQ page to learn more about this issue and its fix.

IMPORTANT information for users who have already updated to 3.9.9 and faced this issue.
Due to a bad sql update, the template style mapping to content languages has been lost. Unfortunately, this is an unrecoverable error.
You must either:

• Restore the data manually by upgrading to Joomla 3.9.10 and then manually editing each template style and using the "Default" Field to the language required 
• Or restore a 3.9.8 backup of your sites to recover the data before updating to Joomla 3.9.10.

We would like to take a moment to apologise to our users. 
Whilst we understand that a release which introduces a major bug is always serious - in this case the bug involved actual data lost from sites. This is a red line for us. We are going to go away and look at how we can improve our release and testing strategies and report back to our users when this is complete, detailing how we aim to improve in the future.

Joomla 3.9.9 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 30 bug fixes and improvements.

What's in 3.9.9?

Joomla 3.9.9 includes one security vulnerability fix and several bugs and improvements, including:

Security Issues Fixed

• Low Priority - Core - Filter attribute in subform fields allows remote code execution (affecting Joomla 3.9.7 through 3.9.8) More information »

Bug fixes and Improvements

• Repeatable Custom Fields: fix to keep HTML tags #25189
• Media Manager: Modal layout improved #22475
• Voting: Cache cleaned after voting #25201
• Article ordering: Items grouped by category first #25295
• Batch system: Improvements for Contact and Newsfeed #25259

Visit GitHub for the full list of bug fixes.

Download

Privacy Laws like GDPR introduced several new requirements that changed the way we think the data management and the pathway to the privacy compliance.

Read More ...

In honor of the 4th of July holiday, we're offering a chance for you to purchase JoomlaDay Chicago tickets for $40 for 4 days, July 4th thru July 7th. Bring your team or clients for more savings.

Don't delay!  There is limited space for sessions, exam and networking.  The event is located in the heart of Chicago, The Loop.  Get your tickets now.

Pricing valid July 4th through July 7th 11:59pm only.

JoomlaDay Texas will be in the Live Music Capital of the World, Austin, TX!  The event will be on Sepember 28, 2019, a little less than a month before our own JoomlaDay event.  

Each year the JoomlaDay Texas event rotates throughout Texas.  In 2018, it was held in Houston.  Through events like JoomlaDay we strength the Joomla! community, meeting, sharing, learning, and supporting each other - beginners to seasoned advanced users/developers.

Learn more at https://www.joomladaytexas.com/

The Joomla! World Conference is November 8-10, 2019 in London UK at the Ilec Conference Center.  The main stage speakers have been confirmed.  This three-day conference includes a full day of workshops and 2 days of 4 track conference sessions.  Speakers include Joomla 4 Release Lead, George Wilson, Joomla President Rowan Hoskyns Abrahall, and more.

Joomla World Conference, or JWC, is in its 7th season and is an event the brings like minded individual together to meet, learn, share, and connect.  

For more information and buy tickets, go to: conference.joomla.org

In a few short months will be 2019 JoomlaDay Chicago.  This year's Keynote Speaker is Jason Nickerson. 

Jason is a Joomla! volunteer and contributor. He currently heads up the Legal and Finance department of OSM, Open Source Matters, and has been the organizer of the Tampa Joomla Users Group and the annual JoomlaDay Florida. Jason's latest position is with the cPanel Community Team as an event planner working on the cPConference and with cPanel sponsored events like JoomlaDay Chicago.

Joomla 3.9.8 is now available. This is a bug fix release for the 3.x series of Joomla which addresses one bug introduced into 3.9.7 which affects web sites using the French Help Server.

What's in 3.9.8?

Joomla 3.9.8 is fixing one bug introduced into Joomla 3.9.7, due to the removal of the French Help Server.

Visit GitHub for more information about this issue.

Download

Joomla 3.9.7 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 40 bug fixes and improvements.

What's in 3.9.7?

Joomla 3.9.7 includes three security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

• Low Priority - Core - CSV injection in com_actionlogs (affecting Joomla 3.9.0 through 3.9.6) More information »
• Low Priority - Core - XSS in subform field (affecting Joomla 3.6.0 through 3.9.6) More information »
• Low Priority - Core - ACL hardening of com_joomlaupdate (affecting Joomla 3.8.13 through 3.9.6) More information »

Bug fixes and Improvements

• Batch system: Copy permissions of modules #24737 and categories #24730
• Progessive cache improvements #20310
• Fix to avoid duplicated custom fields in com_content #24516
• RTL improvements #23107 #24722
• Removal of the unofficial French Help Server #24927
• TinyMCE improvements: #24978 #25037
• RSS: Fix to display the right category #24932
• Media Manager: Fix directory traversal for symlinked folders #24924
• User registration: Correct http schema used #24089

Visit GitHub for the full list of bug fixes.

Download

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  

Thank you JoomlaShine for being a GOLD SPONSOR for this year’s event.

Tirelessly serving the Joomla community providing templates and extensions since 2007.

For more information about JoomlaShine, go to: joomlashine.com.

With the help of Joomla.org, we have a new video for this year's JoomlaDay Chicago event. View. Register. Share.

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  

Thank you JoomlaShack for being a SILVER SPONSOR for this year’s event.

Since 2005, Joomlashack has provided Joomla templates, Joomla extensions, and Joomla training for more than a million Joomla sites. Joomlashack develops some of the most popular and innovative extensions in Joomla, including OSMap, JCal Pro, OSMeta and OSEmbed.

For more information about JoomlaShack, go to: joomlashack.com.

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  

We are honored to have cPanel as PLATINUM SPONSOR and LANYARD SPONSOR for this year's event. 

Founded in 1997, cPanel has been powering the internet ever since.  cPanel has a strong sense of community and giving back, collaborating in ways to empower the community.  

For more information about cPanel, go to: cpanel.net.

Joomla events such as JoomlaDay and JoomlaCamp are possible through the support received from the fantastic Joomla Community.  We thank JoomShaper for supporting our event by becoming a GOLD SPONSOR.  

JoomShaper is a professional web development team focused on open-source Content Management System (CMS) Joomla!  They are also a huge supporter of Joomla! by sponsoring events for several years.  They have numerous extensions and templates as well as page builder with great features.  

For more information about JoomShaper, go to: joomshaper.com 

We are happy to announce that the election for the replacement for the Marketing & Communications Department Coordinator has been completed.

Reference:

• OSM Bylaws: https://www.opensourcematters.org/organisation/by-laws-policies.html
• Joomla! Election Cycle: https://www.opensourcematters.org/organisation/directors/election-cycle.html
• Call for Replacement Joomla Marketing & Communications Department Nominees: https://community.joomla.org/blogs/leadership/marketing-communications-dc-replacement-nominee-announcement.html

Thank you!

Following a server level compromise of the Joomla! Extensions Directory (JED), we would like to provide our community a postmortem summary of the events leading to this issue, the response from the Joomla project team members, and a plan of action moving forward to prevent a similar type of issue in the future.

In summary, this was a preventable compromise, and after analysis, we have no reason to believe that any user data has been accessed improperly.

Issue Notification

• At approximately 09:30 UTC on 15 May 2019, a security researcher notified the Joomla Security Strike Team (JSST) that they had discovered an internal Jenkins CI server used by the JED to deploy updates to their live and staging websites and were able to exploit CVE-2018-1000861 on the server, providing a screenshot of a sensitive file as proof of the exploit.  
• Upon notification, JSST members worked with JED team members to bring the affected Jenkins system offline and conduct an analysis of whether this server had been compromised in other ways.

Systems Audit

• While investigating the Jenkins server compromise, it was found that a crypto-miner had been installed and was running on the server.  A crypto-miner is a software script used to create digital currencies via abuse of server resources (CPU and memory).
• As part of the installed software, a script was found to have been added to the server’s crontab that would attempt to connect to other servers in the local network and install the same miner.  
• Since the Jenkins server was used to deploy site updates, the script was able to access the production JED server and install itself there.
• Once it had been discovered on the JED server, steps were taken immediately to bring all services on the affected servers offline and access was restricted to privileged individuals in order to conduct a full root-cause analysis and to begin executing a recovery plan.
• In parallel, the other servers hosting the joomla.org architecture were audited to ensure they had not been compromised as well, and it was determined that only the JED’s servers were affected.
• An analysis was performed on the production JED server to determine the scope of the compromise, including when the server was presumed to be breached and what resources may have been accessed.  
• The analysis concluded that the crypto-miner had been installed on the evening of 11 May 2019 and that there was no evidence of improper data access (including access to uploaded extension packages sent to the JED Checker and the site’s database).
• With the analysis concluded, the compromised server was decommissioned with a replacement server activated and a file backup from 10 May 2019 and database from 15 May 2019 restored to the new server.  
• The restoration process was completed on 16 May 2019 with the JED team taking action to re-apply pertinent user actions performed between the backup date and the time the JED was discovered to be compromised.

Plan of Action

As a result of the server compromise, several steps are being taken to ensure the security of our servers and our user’s data.  

• First, the compromised Jenkins server is scheduled to be permanently decommissioned with the JED migrating to one of the other CI servers used by Joomla in order to eliminate a redundant resource.  
• Second, all administrative access (server level passwords and SSH keys) are being reset.  
• Third, out of an abundance of caution, all remember me tokens will be invalidated, and all registered users will be required to reset their passwords.  
• Lastly, we will be reviewing our internal workflows and procedures and improving our policies and the security features made available to our users across all joomla.org subdomains (such as enabling two-factor authentication on all sites).

Questions and Answers

Q: What was the cause of the compromise?
A: A Jenkins server used to deploy updates to the JED’s production and staging websites, had not been updated to apply a security patch, resulting in the Jenkins server and the JED production server being compromised.

Q: What was the objective of the compromise?
A: According to the analysis, the crypto-miner was installed on the evening of 11 May 2019 and ran until it was detected on 15 May 2019. The crypto-miner abused server resources (CPU and memory) to mine digital currency.

J

oomla 3.9.6 is now available. This is a security fix release for the 3.x series of Joomla which addresses two security vulnerabilities and contains over 25 bug fixes and improvements.

What's in 3.9.6?

Joomla 3.9.6 includes two security vulnerability fixes and several bugs and improvements, including:

Security Issues Fixed

• Low Priority - Core - XSS in com_users ACL debug views (affecting Joomla 1.7.0 through 3.9.5) More information »
• Low Priority - Core - By-passing protection of Phar Stream Wrapper Interceptor (affecting Joomla 3.9.3 through 3.9.5) More information »

Bug fixes and Improvements

• Media Manager: Fix logic in file upload check introduced in 3.9.5 #24637
• Edge Chromium support added #24379
• User Notes: Fix date format #24529
• Frontend editing: article category editable by Publishers and up #24640
• Cache: Cache folder automatically created if it doesn’t exist #21952
• PostgreSQL database improvements #24682 #24683 #24652

Visit GitHub for the full list of bug fixes.

Download

As a big Star Wars fan could not resist offering a discount on May 4th.  Until 11:59 pm on May 4th, tickets for the JoomlaDay Chicago sessions and the Joomla Review sessions for the exams will be $40.

REGISTER NOW 

The 2019 JoomlaDay Chicago event will be here before you know it.  The event will include great sessions by knowledgeable speakers and the JoomlaDay exam.  As you may have seen in our We Have a Venue post, we will be at DePaul University, this time in the Chicago Loop. Information on the venue is on our site to help you find a place to stay as well as directions for getting to us.

Our Call for Speakers gave us some fantastic presentations.  The schedule will be posted shortly but the confirmed speakers are on our home page. Early bird pricing for the sessions is available now.  Get your ticket TODAY. 

For those looking for the Joomla Certification Exam, we offer a review followed by the exam.  

Did. you know that JoomlaDay Events are self-funded?  Yep!  They are fully funded through ticket sales and the support of the Joomla community through sponsorship from $50 to $1000.  Be a Sponsor TODAY.

Stay Tuned for more details on our 2019 JoomlaDay Chicago event.