Joomla 1.0.8 [Sunshade] is now available
Joomla! 1.0.8 [ Sunshade ] has been available since 26 February 2006 07:00 UTC for download from here.

Upgrading to this version is highly recommended.

1.0.8 contains the following work:

  • 37 security fixes
  • 70+ general bug fixes
  • Several performance improvements

1.0.8 is available as a "full package", which contains all Joomla! files, and as an "update package", which contains only the files that have been updated by the Stability Team.

Upgrade instructions

Upgrading from any Joomla! 1.0.x version to 1.0.8 only involves overwriting the site's current files with the appropriate files from the "update package" that corresponds to your current Joomla version. This means that if you are currently running Joomla! 1.0.5, you will need to use the 1.0.5 to 1.0.8 Update Package.

This can be done simply by unpacking the update package and then using an FTP client program to transfer and overwrite the necessary files on your server. If you encounter errors after the process, make sure that all files were transferred and copied correctly.

If your hosting provider gives you access to your site through a control panel such as Cpanel or Plesk, you can use the "file manager" to upload the complete update package and then extract its files, overwriting the previous ones, directly on the server.

For more information visit the official Joomla forums. There is a forum dedicated to upgrades.

Conversion instructions (Mambo to Joomla)

Those converting from Mambo 4.5.2.x or Mambo 4.5.3 should follow these migration instructions (in English). You will need to download the Joomla 1.0.8 full package.

Backing Up

Before starting the upgrade and conversion it is extremely important that you make a full backup of both files and database. While the Joomla team tries to ensure that the upgrade or conversion process succeeds, they do not guarantee that everything will go well for every user and/or server. It is therefore important that each user takes the necessary precautions to be able to roll everything back to a previous state in case of critical problems.

TIP: after making the backup, also check that it is intact and correctly copied to your PC. The backup process often fails, producing bad backups that are later useless for restoring the system.

Package integrity

To ensure the integrity of the files you download, we recommend downloading only from the "Official Source" on the official Joomla forge. As an extra security measure we make MD5 checksum values available for each package, so that users can confirm the download is correct.

Packages:

All the packages needed to upgrade to Joomla 1.0.8 (from any earlier version) can be found here: http://www.joomla.org/content/view/940/74/1/1/

Security Audit

(Not yet translated) See http://www.joomla.org/content/view/940/74/1/2/

Shortly after the public release of Joomla! 1.0.7, a public discussion on the Joomla! forums reported that Poll data was visible or accessible despite being Unpublished - it was also mentioned that other unpublished core data may also be visible.

A quick check of Joomla! 1.0.7 by the Stability Team verified the vulnerability within the core Poll Component and also within other Core Components.

To properly investigate the matter and to ensure there weren’t other similar vulnerabilities within the Joomla! core code base a Security Audit was instituted.

As part of our move towards increased transparency of `Core Operations`, this Security Audit Report is being made available to the public in PDF format.

Download `Joomla! Security Audit - A2 Broken Access Control [26 Feb 2006]`
The results of this audit make up a large bulk (30+) of the Security Fixes contained in 1.0.8.
All Joomla! users are urged to read the report so they are aware of the nature of the vulnerabilities discovered and can understand why it is important to upgrade to 1.0.8.

3rd Party addon developers must read the report and institute internal testing of their products, to ensure a similar vulnerability does not exist within their applications.

Future Audits
It is also our intention to conduct similar focused audits on the Joomla! codebase in the future.

In fact we are currently working on another Security Audit conducted by Mathijs de Jong - one of our Quality & Testing Working Group members - currently restricted to internal viewing.

Once all issues in these Security Audits are resolved the reports will be made available to the community.

Security Vulnerabilities

(Not yet translated) See http://www.joomla.org/content/view/940/74/1/3/


Joomla! 1.0.8 contains thirty-seven (37) fixes for security vulnerabilities: 14 Medium Level threats and 23 Low Level threats.

Medium Level Threat Fixes

  • A3 - Hardening of Remember Me login functionality
  • A7 - Protect against real server path disclosure via syndication component
  • A1 - Limit arbitrary file creation via syndication component
  • A7 - Protect against real server path disclosure in mod_templatechooser
  • A9 - Inputfilter vulnerable to DOS attacks
  • A2 - Disallow `Weblink` item from being accessible when 'unpublished'
  • A2 - Disallow `Polls` item from being accessible when 'unpublished'
  • A2 - Disallow `Newsfeeds` item from being accessible when category 'unpublished'
  • A2 - Disallow `Weblinks` item from being accessible when category 'unpublished'
  • A2 - Disallow `Content` item from being accessible despite section/category 'access level'
  • A2 - Disallow `Newsfeed` item from being accessible despite category 'access level'
  • A2 - Disallow `Weblink` item from being accessible despite category 'access level'
  • A2 - Disallow `Content` item from being visible despite category 'access level' - `Blog - Content Section` & `Blog - Content Section Archive`
  • A2 - Disallow `Content` items from being viewable when category/section 'unpublished' - mod_newsflash

Low Level Threat Fixes

  • A3 - Harden frontend Session ID
  • A6 - Harden against multiple Admin SQL Injection Vulnerabilities
  • A1 - Disable ability to enter more than one email address in Contact Component contact form
  • A1 - Harden Contact Component with param option to check for existence of session cookie - enabled by default
  • A3 - Additional check for correct Admin session name
  • A2 - Disallow access to syndication functionality
  • A2 - Disallow `Newsfeeds` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Contact` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Weblink` Categories from being accessible when 'unpublished'
  • A2 - Disallow `Content Section` from being accessible when section 'unpublished' - `List - Content Section`
  • A2 - Disallow `Content Category` from being accessible when category/section 'unpublished' - `Table - Content Category`
  • A2 - Disallow `Contact` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Newsfeeds` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Weblinks` Categories from being accessible as per category 'access level'
  • A2 - Disallow `Content Section` from being accessible as per section 'access level' - `List - Content Section`
  • A2 - Disallow `Content Category` from being accessible as per section/category 'access level' - `Table - Content Category`
  • A2 - Disallow `Content Category` from being accessible as per category 'access level' - `Blog - Content Category` & `Blog - Content Category Archive`
  • A2 - Disallow `Content` item links from being visible as per category/section 'access level' - mod_newsflash, mod_latestnews, mod_mostread

OWASP Vulnerability Categorization
As part of our improved focus on security, we are adopting the Open Web Application Security Project (OWASP) Top Ten Vulnerability categorization system, to standardize the categorization of security vulnerability reports. The legend for the vulnerability categories used above is listed below (full list here):

A1 - Unvalidated Input


A2 - Broken Access Control


A3 - Broken Authentication and Session Management


A6 - Injection Flaws


A7 - Improper Error Handling


A9 - Denial of Service
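
The A2 fixes listed above share one pattern: an item is served although it, or its category, is unpublished or above the viewer's access level. The following is an added example, not Joomla! code and not taken from the audit report; it uses a constructed SQLite schema and hypothetical function names to show an id-only lookup beside a checked one, plus the kind of regression check add-on developers can run.

```python
import sqlite3

# Constructed, simplified schema and rows; these are not Joomla!'s real tables.
# access: 0 = public, 1 = registered, 2 = special
SCHEMA = """
CREATE TABLE categories (id INTEGER PRIMARY KEY, published INTEGER, access INTEGER);
CREATE TABLE items (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT,
                    published INTEGER, access INTEGER);
INSERT INTO categories VALUES (1, 1, 0), (2, 0, 0), (3, 1, 1);
INSERT INTO items VALUES
  (10, 1, 'public item',             1, 0),
  (11, 1, 'unpublished item',        0, 0),
  (12, 2, 'item in unpublished cat', 1, 0),
  (13, 3, 'item in registered cat',  1, 0),
  (14, 1, 'registered item',         1, 1);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def fetch_by_id_only(db, item_id, viewer_level):
    """'Before' pattern: a direct request by id skips every visibility check."""
    row = db.execute("SELECT title FROM items WHERE id = ?", (item_id,)).fetchone()
    return row[0] if row else None

def fetch_checked(db, item_id, viewer_level):
    """Item and category must both be published and within the viewer's level."""
    row = db.execute(
        """SELECT i.title FROM items i
           JOIN categories c ON c.id = i.catid
           WHERE i.id = ? AND i.published = 1 AND c.published = 1
             AND i.access <= ? AND c.access <= ?""",
        (item_id, viewer_level, viewer_level)).fetchone()
    return row[0] if row else None

def leaked_ids(db, fetch, viewer_level, allowed_ids):
    """Request every item id directly; return ids served outside allowed_ids."""
    ids = [r[0] for r in db.execute("SELECT id FROM items ORDER BY id")]
    return [i for i in ids
            if fetch(db, i, viewer_level) is not None and i not in allowed_ids]

if __name__ == "__main__":
    db = open_db()
    print("id-only:", leaked_ids(db, fetch_by_id_only, 0, {10}))
    print("checked:", leaked_ids(db, fetch_checked, 0, {10}))
```
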

Security Alerts

Joomla! 1.0.3 Critical Vulnerability

(Not yet translated) See http://www.joomla.org/content/view/940/74/1/4/


From postings on the forum, it is clear that some Joomla! users are still operating sites with Joomla! 1.0.3.

If you are running 1.0.3 and below you MUST upgrade to at least 1.0.4.

1.0.3 and below contains a Critical Security Vulnerability (our highest security warning), which can lead to unauthorized users gaining access to your site. There have been numerous reports of sites being attacked through this vulnerability, and hackers are specifically targeting and testing Joomla! sites for this vulnerability. If you are upgrading we would advise you to upgrade directly to Joomla! 1.0.8.

Recent Mambo Threats
There have been two (2) security vulnerabilities reported in Mambo that have caused some concern to Joomla! users. One is an F-Secure Report, the other a Gulftech Report.


Our internal testing and contacts with the security bodies (who discovered the vulnerabilities) have shown that Joomla! is NOT vulnerable to either of these two threats.
This has been discussed here:

Linux Worm targetting Mambo, is about an already fixed one year old vulnerability


Joomla! 1.0.x is not affected by recent Mambo Vulnerability

 

Performance Improvements (Other Fixes)

(Not yet translated) See http://www.joomla.org/content/view/940/74/1/5/

1.0.8 contains several query performance improvements that should lead to slightly better performance for Joomla! sites. These improvements mainly deal with displaying Core Component Content Item data. The more content items you have visible on a page the greater the likely performance improvement.

As an example, for an install of sample data:

The frontpage query count has decreased from 93 queries down to 44 - a 52% reduction.


For the blog page the original 77 queries has gone down to 39 queries - a 48% reduction.


For the License page we have gone from 35 queries to 26 queries - a 25% reduction

As an example, for the official Joomla sites:

For the frontpage in 1.0.7 it took 95 queries to generate, with 1.0.8 it only takes 40 - a 57% reduction.


For the `Community News` area the current page needs 394 queries, now it only needs 197 - a 50% reduction.


For the `Version Info` page previously it was 99 queries, now it runs to only 59 queries - 40% reduction.
Please note that these query improvements will not affect 3rd party components, but as some improvements were in regards to core queries, which are always loaded, there is a small general query count improvement.

Session handling changes
To fix several problems in session handling and to increase security, the core session handling system has been overhauled. Information on these changes has been detailed here:


New `Admin Session Lifetime` in 1.0.8


Hardening the `Remember Me` login ability


Important change to session handling in 1.0.8
It is important to note that these changes WILL affect 3rd Party bridging products, and users are advised to visit those Developer sites or contact Developers to see if these changes will be addressed in newer versions of their products.

 

