The Joomla! Project is delighted to announce a security release for 4.x series of Joomla which addresses a security vulnerability and contains various bug fixes and improvements
This release continues Joomla 4's high standards in accessible web design and brings exciting new features, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.
With Joomla 4.2.1, we have new and improved features for bloggers and authors, web designers, extension developers and web agencies.
The highlights are:
Keyboard Shortcuts
With the new keyboard shortcuts, you can save time and become more productive.
There are 9 built into the administrator side of your site such as J + F to jump into the search field or J + S to save
And the great news is that other extensions are able to add their own shortcuts as well. Pressing J + X to get a list of them all. The keystrokes are all sequential, making it more accessible than hitting them simultaneously.
Multi-factor Authentication
Until now, Joomla only offered 'Two-Factor' Authentication; with 'Multi-factor' Authentication, we are taking site access security one step further by allowing you to choose different authentication mechanisms to secure your site. You can choose to use a Yubi-key, Web Authentication, a verification code, or a code by email.
The way Multi-factor Authentication works is that you first log in with your username and password. After that, you are presented with another screen to enter your second authentication method.
This means that you will no longer be able to enter your two-factor authentication code on the same page as the login page.
Security Issues Fixed
[20220801] Low Severity - Low Impact - Multiple Full Path Disclosures because of missing '_JEXEC or die check' (affecting Joomla! 4.2.0)
Bug fixes and Improvements with 4.2.1
- Failure in setting Redis cache
- Change the db calls back to the getDbo
- Error when Gather Statistic enabled in Smart Search
- Fixed menu login with redirect to menu item on multi-language site
- Add bcmath_compat polyfill for servers without BCmath / GMP support
- Remove unused imports in Multi-factor Authentication
- Fix issue "updateCheck is null"
- Remove hotkeys.js as they have been renamed
- Stats collection must not be shown in captive MFA pages
- CLI application crashed when MVCFactory is used
- Correctly revert pull request no. 38244 for updating from 4.2.0 RC 1
Visit GitHub for the full list of bug fixes.
Click here for full release information.
It's extremely important to keep your Joomla installation, and extensions up to date to minimise the risk of your site being compromised, you should also check that you are not using vulnerable extensions by visiting Joomla! Vulnerable Extensions List.
Many site owners are totally unaware of the status of their Joomla websites, databases, and hosting environments, the potential risks of being compromised, and the implications of private personal data held. Also many site owners are paying extortionate hosting fees for below standard services running on out of date and insecure hosting environments.
What Joomla Support Services do you provide?
Supporting, building, hosting, maintaining and optimising and all kinds of Joomla websites since 2005 we have gained vast experience. This combined with our Joomla Website Support System enables us to work very efficiently with any Joomla related project.
We have worked on several hundred Joomla websites ranging from sites with a few pages to sites with several hundred thousand pages including multi language sites. Taking on all kinds of Joomla related projects, including;
- Adding additional functionality.
- Adding content delivery networks.
- Adding E-Commerce along with shopping carts.
- Adding multiple anti-spam solutions.
- Adding payment gateways.
- Adding user management and subscription memberships.
- Building new Joomla websites.
- Customising Joomla extensions.
- Customising Joomla templates.
- Developing all kinds of forms including API integrations and auto field population using GeoIP services.
- Developing custom Joomla extensions.
- Developing custom Joomla templates.
- Implementing GDPR compliance.
- Implementing HTTP security headers.
- Joomla Extension Installation and configuration.
- Joomla Installation and configuration on your hosting.
- Joomla search engine marketing,
- Joomla search engine optimisation.
- Joomla site backup restoration on your hosting.
- Joomla version updates
- Joomla website speed optimisation.
- Making Joomla websites responsive and mobile friendly.
- Malware removal including file and database cleanup.
- Migrating existing websites to Joomla including WordPress and none CMS websites.
- Producing AMP versions of Joomla websites.
- Resolving security-related issues.
- SSL certificate installation.
along with support and training, and anything required to keep Joomla Websites fast, functional, secure, and stable.
Once you become a customer you get access to a Highly Experienced Joomla Developer and;
- Access to our secure private support helpdesk site where access credentials are kept along with tasks and changes which are documented in detail.
- Use of our ticketing system where bugs can be reported, questions asked, and additional features can be requested.
Do you take backups?
Yes, prior to making any changes to your Joomla website;
- We ensure you have an adequate backup system in place and take a backup of the site and database. Our preferred backup component is Akeeba Backup Professional for Joomla! (Commercial License $55), If your site doesn't already have it we will Install and configure it on your website.
- When a site has major issues or requires major extension upgrades, major Joomla version upgrades, template or template framework upgrades, major PHP version changes etc.. we clone the site and produce a test site to test changes prior to making changes to your live site. We are very experienced and understand which updates are safe and which updates cause problems. We prefer to put a test site on a sub domain to achieve some separation from a live site but this all depends on your hosting setup.
We have several VPS servers including a development Ubuntu/Plesk server with big storage attached where most Joomla sites we manage transfer an encrypted backup to each day. Apart from backup storage this is very useful to spin up a copy of a site for development, Joomla or PHP updates etc. This is useful if your host only allows one database for example and a test site is required for major updates, also on some occasions we have set up an older PHP version that most hosts don't allow so we can restore an old broken site for development.
Can you update our Joomla version and extensions?
Yes, for Joomla version updates order our hourly Joomla Specialist Support and Maintenance service, press the add to cart button, select a minimum of one hour and submit a ticket on our helpdesk.
Once you become a customer you get access to a Highly Experienced Joomla Developer and;
- Access to our secure private support helpdesk site where access credentials are kept along with tasks and changes which are documented in detail.
- Use of our ticketing system where bugs can be reported, questions asked, and additional features can be requested.
Once an order is placed for the first time and paid for we create you a user account on our secure private support helpdesk site where we will request information which you can provide securely, Your access credentials will be emailed to you as soon as your account is created.
Prepaid support it given high priority, with all of our hourly support time is charged in 10 minute increments and the week ends each Sunday at midnight UK time. All time is logged in your private area on our secure private support helpdesk and detailed invoices are issued weekly along with account statements.
What about major Joomla updates, rebuilds and redesigns?
If you are considering major updates and getting your site stable, fast, secure and to the Latest Joomla version see our Joomla Website and Hosting Audit service. Our full audit of the Joomla Website and Hosting including extensions, templates, overrides, SEO status, page delivery speed status, configuration and security.
Following the audit and testing you will receive a detailed report including the status of your site and your hosting along with detailed recommendations and options for updating your site including templates and extensions.
You can then address the issues yourself, use your existing developer or use our Joomla Specialist services to ensure that your site is stable and secure and your hosting is adequate and configured correctly.
Once you become a customer you get access to a Highly Experienced Joomla Developer and;
- Access to our secure private support helpdesk site where access credentials are kept along with tasks and changes which are documented in detail.
- Use of our ticketing system where bugs can be reported, questions asked, and additional features can be requested.
I have an Urgent Joomla website problem, can you help?
Yes, we have a Joomla Website and Hosting Diagnostics service for these situations. We analyse the Joomla website errors if web pages are broken or a site is down and create a detailed report with a list of recommendations for resolving issues on the site. If we have a solution that can be applied quickly even as a temporary fix we will fix the issue for you.
Based on the analysis you will be provided with a detailed report and a list of recommendations for resolving issues on the site. You can then address the issues yourself, use your existing developer or use our Joomla Specialist services.
Includes;
- Access to our secure private support helpdesk site where all analysis, testing, recommendations, and changes are documented in detail.
- Use of our ticketing system where bugs can be reported, questions asked, and additional features can be requested.
Once an order is placed for the first time and paid for we create you a user account on our secure private support helpdesk site where we will request information which you can provide securely, Your access credentials will be emailed to you as soon as your account is created.
Please note that even though we produce and maintain Joomla websites in multiple languages for multiple clients worldwide our native language is English.
Do you provide ongoing Joomla Support and Maintenance?
Yes we provide ongoing Joomla Support and Maintenance Services to keep your Joomla website and extensions up to date. Once a site is added to our support system we usually agree a maximum monthly spend which will never be exceeded without prior authorisation and the site is kept up to date on a regular basis.
Contact us to discuss ongoing Joomla Support and Maintenance Services.
Related Content
Let's celebrate! Today is an important day for the Joomla! Project. We're celebrating six months of hard work by our volunteers, who had the vision to...
The Joomla! Project is pleased to announce the release of Joomla 5.0.3 and 4.4.3. This is a security and bug fix release for the 5.x and 4.x series of...
We are proud to announce the release of Joomla 3.10.14. This version backports the security fix for CVE-2023-40626. This is a commercial security rele...
You can now order our remote Joomla Website Support Services online and pay in GB Pounds, Euros or US Dollars by credit/debit card or by bank transfer...
