Joomla!®
Welcome to Joomla!

Joomla! is an award-winning open source CMS for building powerful websites.

Recent Joomla! News
Support Joomla!
- Shop Joomla! Gear
- Contribution
About
What Is Joomla?

Joomla is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications.
Read more...

Joomla! for Business

Joomla! is a extremely customizable and adaptable for Enterprise, SMBs, NPOs and beyond. Read more...

Joomla! for Developers

No matter what level of experience you hold, Joomla! has strengths to match; programmers, designers and end users alike!Read more...

Learn more about Joomla!
- The Software
- The Project
- The Leadership
- Open Source Matters
Community & Support
Connect!
Support!
Read!
Get involved with Joomla!

Joomla is an open source project and contributions from the community are essential to its growth and success. Anyone can contribute on any level, even newcomers can contribute to Joomla. Read more...
Extend
Directories
Developers
Download
Download Joomla! 2.5
- 2.5 Full Package
- Update Packages
- Demo Joomla! 2.5
Download Joomla! 3.1
- 3.1 Full Package
- Update Packages
- Demo Joomla! 3.1
Getting Started with Joomla!
Internationalization
Internationalization

September 2008

2008-09 Joomla! Community Magazine

Joomla! Community Magazine - Project

Introducing JSST: The Joomla! Security Strike Team

Joomla! is serious about security.

Joomla! Security Strike Team

Security issues are an unfortunate fact of life for any online application.

The Joomla! team has always worked to aggressively defend against potential security breaches. Joomla 1.5 has deeply integrated defences against a variety of common attack vectors, such as SQL injection. Still, every complex application has the potential for vulnerabilities, and Joomla is no exception.

Last month, we experienced a worst-case scenario: an easily exploited critical vulnerability was made public before the Joomla team was made aware of it. Even though the team leaped into immediate action and issued a fix in record time, a lot of sites were affected.

In the wake of this crisis, we asked “what can we do better?” The answer is the Joomla Security Strike Team (JSST). The JSST is now the single focus point for Joomla security issues. The key responsibilities of the team are to:

Provide a single, highly visible place for reporting potential security issues, the Security Center.
Investigate and respond to core vulnerability reports.
Release information on verified issues in the most timely and responsible way possible.
Provide a reliable and highly available source of information for people writing about Joomla security.
Clearly define security threat levels and how the team will respond to them.
Help the community understand Joomla security and how to manage risk.

How to Help

Report suspected vulnerabilities to the Joomla! Security Team first.
Subscribe to the Security Center RSS feed

The JSST is taking a more proactive role to core security. Drawing on both developers and outside security experts, JSST will be performing code reviews and developing automated tests with the intent of detecting and eliminating vulnerabilities well before release.

There is no way to guarantee that Joomla can defend against any attack, but the JSST is on the job and working hard to get as close to that goal as possible!

Welcome to Joomla!

Recent Joomla! News

Support Joomla!

What Is Joomla?

Joomla! for Business

Joomla! for Developers

Learn more about Joomla!

Connect!

Support!

Read!

Get involved with Joomla!

Directories

Developers

Download Joomla! 2.5

Download Joomla! 3.1

Getting Started with Joomla!

Internationalization