J! 3.3.6 and 2.5.27 Security Releases and Shellshock

Joomla 3.3.6 and Joomla 2.5.27 have been released.

Shellshock is a real threat

Both packages are high priority security releases. So, all Joomla 3.X websites should upgrade to Joomla 3.3.6 and all Joomla 2.5 series to Joomla 2.5.27. According to the Joomla technical requirements, the Joomla 3.3.6 release will only work on PHP versions 5.3.10 or better.

Here is a quick summary that will help you decide:

If your website is using

  • a Joomla 2.5.X version, you should update to Joomla 2.5.27 and plan to update to Joomla 3.X as soon as possible since support for Joomla 2.5 stops end of this year.
  • a Joomla 3.3.X version, you should update to Joomla 3.3.6.
  • a Joomla 3.2.X version (because 3.2.X still supports PHP 5.3.1 through 5.3.9), you should update to Joomla 3.2.7.

As usual backup before upgrading your Joomla websites and verify that all third party extensions (including your template) are compatible.

In case you upgraded to 2.5.26/3.2.6/3.3.5

If you had previously upgraded to one of the "short-lived" 2.5.26/3.2.6/3.3.5 releases in which an upgrader bug slipped in, you will notice that the one-click upgrade method will not work to upgrade to 2.5.27/3.2.7/3.3.6. Instead, you would need to use one of the alternative upgrade methods B or C.

Shellshock is a real threat

Disclosed on September 24th, 2014, Shellshock, also known as Bashdoor, is a family of security bugs affecting the widely used Unix Bash shell. Simply put, this bug allows remote attackers to execute arbitrary code on hosting environments using unpatched Bash shells.

Security wise, this ia as bad as it gets and the potential harm that can be inflicted is enormous. Everyone needs to take action now to either patch their hosts as needed or make sure that their hosting environments are secure.

So, if you are in charge of maintaining a host that has a Unix Bash shell, you need to patch it now. Also make sure that you upgrade all your computers and network and any other embedded equipment that might contain bash. Also old ones, since that security bug is present and got unnoticed since 22 years.

Even though you might not be aware that you are using a Bash shell, your webserver environment might be using it to execute your Joomla PHP.

If you have a website that is being hosted somewhere, you need to contact the host helpdesk and confirm that your environment is secure against this bug.





Listen Live....

Playing now on #TRSV #Radio Hits

At a Glance...

We believe in what we do, and that it is worth doing well. Others may see this as a cost-adding factor.
We at PHMC GPE believe that our working model will bring added value for our Customers to strengthen their businesses.
PHMC GPE LLC is an innovative company constantly keeping its knowledge and skills up-to-date. We are providing solutions to our clients meeting ROI and maintaining profitability.
PHMC GPE LLC is constantly working on new innovations. This ensures our clients to get flexible and scalable solutions.


Holistic Overview #1

Holistic Overview #1


GDPR Compliant

Company Offices


  • Newark USA
    London UK
    Broadway USA



Marketing and Corporate Communication Agency, Print, ON and OFF Line...

Positioned to Influence... Appointed to succeed !

© 1994 - 2019 sqq PHMC GPE LLC - All Rights Reserved.