Download Joomla! 1.5.6

The developers of Joomla have released a new build in the form of version 1.5.6. Joomla is a comprehensive content management system that runs on a large number of platforms and can be used to create a weblog, website and/or collaboration site. The software also offers support for so-called extensions, with which the functionality of your own site can be expanded with, for example, statistics, response options and management tools.

The new version of Joomla can be downloaded by clicking on this link be downloaded and contains one bug fix compared to the previous release. It turns out that there is a security hole in the 1.5.x branch of Joomla that makes it possible to reset the password of the user with the lowest user ID, which is an account with administrative rights in Joomla by default. More information about the bug can be found on the Joomla Developer Blog read:

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note, that changing the first users username may lessons the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file).