Joomla! 1.0.10 [ Sundown ] is now available as of Monday 26th June 2006 04:00 UTC for download here.

All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla! 

1.0.10 contains the following important security fixes:

• 03 High Level Security Fixes
• 01 Medium Level Security Fixes
• 05 Low Level security
  
• 40+ General bug fixes

If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.10 

1.0.10 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted from previous Joomla! 1.0.x versions.

• 1.0.10 Download
• 1.0.10 Version Information
• 1.0.10 Changelog
  
• 1.0.10 Package File MD5 checksums

Security Fixes

Joomla! 1.0.10 Contains nine (09) fixes for High, Medium and Low Level Security Vunerabilities.  

03 - HIGH Level Threats fixed in 1.0.10 
A1 Unvalidated Input
A1 - Secured `Remember Me` functionality against SQL injection attacks

A1 - Secured `Related Items` module against SQL injection attacks

A1 - Secured `Weblinks` submission against SQL injection attacks

01 - MEDIUM Level Threats fixed in 1.0.10
A4 Cross Site Scripting
A4 - Secured SEF from XSS vulnerability

05 - LOW Level Threats fixed in 1.0.10
A1 Unvalidated Input
A1 - Hardened frontend submission forms against spoofing

A1 - Secured mosmsg from misuse

A1 - Hardened mosgetparam by setting variable type to integer if default value is detected as numeric
A4 Cross Site Scripting
A4 - Secured com_messages from XSS vulnerability

A4 - Secured getUserStateFromRequest() from XSS vulnerability 

High Level Vulnerabilities

1.0.10 fixes 2 High Level security vulnerabilities that affect all previous versions of Joomla! 1.0.x series.

All Joomla! users are advised to upgrade to Joomla! 1.0.10