Joomla 1.5.17 Released

Download Joomla JOOMLA.ORG released its newest version 1.5.17. The new release included some minor bug fixes. The previous 1.5.15 version had no major security issues; however there are some moderate security concerns. If your website is running a ealier version of Joomla, test the upgrade first in a development enviornment or on a lesser important website before you upgrade your live site.

How to upgrade Joomla ?

Download the needed patch file (according to the version you want to upgrade)
Backup your site files and database
Unpack the patch file
Overwrite all files on your FTP
Check that your website is working correctly

Minor security issues with Joomla 1.5.15

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.
The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server. (It is NEVER recommended to leave the installer script on a live server)
Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.
When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.