The entire security update can be downloaded here

Joomla 1.5.15 upgrade patch files are here  


Important changes:

  • .htaccess change that prevents looking at your extensions XML file
  • PHP 5.3.x compatibility (except of OpenID library)
  • Core components caching

Notable bugfixes:

  • TinyMCE is now working properly - all remaining bugs created by the recent TinyMCE upgrade should be gone now
  • Mootols were upgraded to 1.12 to ensure future compatibility with Firefox 3.6
Complete details of the changes above can be read here .


[20091103] - Core - Front-End Editor Issue

Posted: 03 Nov 2009 08:31 AM PST

  • Project: Joomla!
  • SubProject: com_content
  • Severity: Moderate
  • Versions: 1.5.14 and all previous 1.5 releases
  • Exploit type: Front-End Editing
  • Reported Date: 2009-September-05
  • Fixed Date: 2009-November-03


When logged into the front end with Author access, it was possible to replace an article written by another user.

Affected Installs

All 1.5.x installs prior to and including 1.5.14 are affected.


Upgrade to latest Joomla! version (1.5.15 or newer).

Reported by Hannes Papenberg

Best Canadian Web Host for Joomla

Joomla Web Hosting Canada RSS Feed