JoomlaDay Chicago and JoomlaCamp Chicago News

Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.5?

Joomla 3.9.5 includes three security vulnerabilities fixes and several bugs and improvements, including:

Security Issues Fixed

• Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4) More information »
• High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4) More information »
• Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4) More information »

Bug fixes and Improvements

• User Password: Add minimum lowercase rule for password validation #24230
• Associations tab: Fix wrong behaviour of Indonesian language #24244
• Debug language: Fix User Actions Log Manager #24178
• New installation language: Kazakh #24233
• Google Authenticator plugin (2FA): QR-code generator implemented #24255

Visit GitHub for the full list of bug fixes.

Download

It’s an exciting day for The Joomla Project and BRANDIT! 
As the consolidation and packaging of web services move forward, we are happy to announce the official launch of our domains platform (powered by BRANDIT), domains.joomla.org.

Every website starts with a domain name, and by offering domains directly from Joomla.org, our users gain a new way to help build their online presence whilst helping the project financially.  

Domains.joomla.org is a full domain registry service that gives Joomla a direct connection to TLD’s and Registrars. 
This partnership opens up new opportunities for sponsorship and special offers to the Joomla Community.  
As we launch the platform, two registrars have already sponsored several JoomlaDays, and BRANDIT has become a Platinum Sponsor of the Joomla Project.

Whether you are looking for a new domain name or to transfer your existing domain portfolio, Domains.joomla.org is the perfect platform. Offering you a wide range of TLDs alongside a robust and intuitive industry leading control panel for domain management.  

It is that simple, get started today, together Joomla and BRANDIT make your domains feel at home!

Benefit from the special Offers for the launch!

JoomlaDay is all about information sharing. We want you to be apart of it. Click the link below and tell us what YOU would like to share with our community. If you're unsure, that's ok, we can help.

Our past sessions have included:

• Women in code
• Choosing the right CCK
• Joomla! Overrides
• Joomla! Template Design
• LESS
• Joomla! and SEO
• Joomla! Tips
• Building a Joomla Component
• and more

All that we ask is that it be related to Joomla!, Web Design/Development, Web Agency, Business, or Marketing.   JoomlaDay Speakers receive free admission to the event and treated to a speaker's dinner.  Space is limited.

Sign-up Today! to be JoomlaDay Chicago 2019 Speaker

Joomla 3.9.4 is now available. This is a security fix release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.

What's in 3.9.4?

Joomla 3.9.4 includes 4 security vulnerabilities fixes and several bugs and improvements, including:

Security Issues Fixed

• High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3) More information »
• Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3) More information »
• Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3) More information »
• Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3) More information »

Bug fixes and Improvements

• User Terms (#23787) and Privacy Consent (#23660) plugins: Layouts for the label and message added
• Featured articles: Page subheading added #23583
• Custom formfield layout paths simplified #22645
• Com_contact: Contact name field moved out of the Contact Information block #23563
• Custom module: Improvement of the frontend editing #23741
• Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged

Visit GitHub for the full list of bug fixes.

Download

Joomla World Conference (JWC) will be held in London, UK, from November 8th to 10th, 2019. The Conference will bring the brightest Joomla minds together to share their experiences, connect with others, and learn more about Joomla and its community.

​What is JWC?

"Joomla! World Conference (JWC) is an annual user conference aimed at users of the award winning Joomla! content management system. Joomla! powers over 3% of the entire world's websites and is used by individuals, multi-national corporations, governments and charities to serve and manage their online presence in an efficient, flexible and expandable way. With over 10,000 extensions to further extend Joomla! capabilities as well as a support network of thousands of developers, integrators and designers, the JWC is the place to be to meet, learn, share and connect."  - ​conference.joomla.org​

The Joomla World Conference (JWC) started in 2012 and is in a different venue/city each time around the world.  This three-day conference will include a mix of keynotes, presentations, workshops and sessions.  Each JWC is brought to you by a team of volunteers and the Joomla! Project. Joomla!® is the trademark of Open Source Matters, Inc. in the United States and other countries.

A report by Check Point Research has been brought to our attention relating to a security vulnerability that was patched back in December 2015. This report has also been picked up by Threat Post.

Both reports contain a great deal of inaccuracies and intimate that the vulnerability detailed is a current one. 
This statement serves to clarify the facts surrounding this issue. Furthermore we would like to assure our user base that, much as these posts attempt to state that this is a current issue, the truth of the matter is far from that.

With this in mind, we would like to clarify a few points:

• There is no current security issue with the JMail class.
• The underlying issue, used to create and store the backdoor, is a PHP issue rather than a Joomla issue.
• A successful attack is only possible with severely outdated PHP and Joomla versions that are more than 3 years out of date (PHP versions 5.4.45, 5.5.29, 5.6.13 and all higher versions are patched for this vulnerability). Please see our recent article about the importance of keeping your sites up to date here.
• A mitigation for Joomla 1.5, 2.5 and 3 was released more than 3 years ago in December 2015. Patches for EOL versions were released alongside the Joomla 3.4.7 release. Patches for the other Joomla versions are still available here. The Joomla Project also distributed WAF rules to many shared hosting providers at the time of discovery to protect against common exploits of this vulnerability.
• The file mentioned in Check Point's report is not a Joomla core file, it's a copy of the original class used by the attacker to obfuscate a backdoor.
• The file does not "override" the core JMail class.

More information on the exploit

The pattern described by Check Point is a classic one - where an attacker exploits a well-known security issue. The issue is over 3 years old and stems from a security issue found in PHP, rather than the Joomla core.  More information on this issue can be found here:

We are thrilled to have secured space at DePaul University Loop Campus for this year's JoomlaDay Chicago event.  The venue is in Chicago's Loop with lots of great Chicago attractions near by.  Accessible by public transportation, expressway or cab.

Stay tuned for more event information!

January 30th 2019 - It’s freezing cold in Chicago today and according to the news, it’s even colder than on the Mount Everest - so a perfect day to stay inside a warm building, sitting in front of your machine and having a (sorry, bad Everest joke) summit!

Read More on Joomla.org

Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.

Joomla 3.9.2 is now available. This is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains over 50 bug fixes and improvements.

As we countdown to 2019, we’ll be raising a glass (or two) to all our incredible volunteers who have made the leaps and bounds of 2018 possible.

Joomla 3.9.1 is now available. This is a bug fix release for the 3.x series of Joomla including over 40 bug fixes and improvements.

THM Gießen has been organising "Web Programming Weeks" for 10 years. On the occasion of this year's anniversary, the Faculty of Mathematics, Natural Sciences and Computer Science (MNI) once again offered the opportunity to work intensively with the Joomla CMS.

Continue Reading on Joomla.org

Joomla 3.8.12 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.

Danico Intern Alisha

On September 22nd is the first JoomlaCamp Chicago. Another first, is that our site was built entirely by a Danico Enterprises intern, Alisha. 

She was a graduating senior from a local high school. Alisha was a recommendation from past intern Mary, who as of this past Spring completed her first year at the University of Wisconsin-Madison.  Alisha came with some coding skills, having been involved in her school’s Robotics Club, but she’d not used a CMS or content Management Systems. During Alisha’s time at Danico she built two sites, one in WordPress and one in Joomla - this one, the JoomlaCamp Chicago site. 

She worked through the entire process from gathering requirements through launch and tuning. Alisha even selected the images.  Her client was me, SD and I’m a pretty tough customer to work with. Some challenges were done for teaching moments and others were just things that came up. 

I think Alisha did a great job and wish her much success as she enters her freshman year at MIT.  
(Click here to read more about Alisha's internship experience) 

But before you go, tell us what you think of the site and better yet REGISTER to join us at JoomlaCamp Chicago Saturday, September 22.

Today is the 13th birthday of Joomla, so we're sharing our 13 reasons why we love JOOMLA

1. Strong Community Support
2. Flexible
3. Easy to Use
4. Extendable
5. Stable
6. Secure
7. Follows Coding Standards
8. Multilingual Capabilities
9. eCommerce Capabilities
10. Blogging Capabilities
11. Great User Management with Access Control - right out of the box!
12. Easy to update and keep secure
13. OPEN SOURCE