14 December 2012
JCE and your site's security
A recent spate of hacks on Joomla sites has been reported recently and there are some suggestions that an exploit in an earlier version of JCE may have been used to carry out these attacks on some sites.
We were notified of this vulnerability by Secunia in May of this year and promptly released two updates to fix the issues :
All subsequant releases have included these fixes and no new vulnerabilities have been reported to us.
We urge all users to update JCE to the latest version as soon as possible, especially if you are using JCE 1.5 or any version before JCE 2.1.1
It is advisable to ensure that your version of Joomla and ALL extensions are kept up to date.
Checking for Updates
JCE supports the Joomla! Update Manager in Joomla! 2.5 and Joomal! 3.0 so you will be notified of any new version via the Update Manager. In Joomla! 1.5, 2.5 and 3.0 an update notification is also shown in the JCE Control Panel.
Updates can be done via the Joomla! Update Manager in Joomla! 2.5 and Joomla! 3.0 or using the Updates button in the JCE Control Panel in all Joomla! versions. You can also update by installing the new version using the Joomla! Installer.
Installation and update instructions are available here
An extra helping hand
If you are managing multiple Joomla! sites you may consider services like Admincredible or Watchful.li which have features to update Joomla! and installed extensions on multiple sites. joomla-security.com's audit tool can help you find and remove hacked files and keep your site up to date.
For general Joomla! secutiry issues, vist the Joomla! security forum
We regard the security of JCE as an absolute priority. If you are aware of any potential security issue or suspect a problem, please contact us immediately.