News JCE and your site's security

14 December 2012

JCE and your site's security

Posted in Latest News

A recent spate of hacks on Joomla sites has been reported recently and there are some suggestions that an exploit in an earlier version of JCE may have been used to carry out these attacks on some sites.

We were notified of this vulnerability by Secunia in May of this year and promptly released two updates to fix the issues :

http://www.joomlacontenteditor.net/news/item/jce-21-released

http://www.joomlacontenteditor.net/news/item/jce-211-released

All subsequant releases have included these fixes and no new vulnerabilities have been reported to us.

We urge all users to update JCE to the latest version as soon as possible, especially if you are using JCE 1.5 or any version before JCE 2.1.1

It is advisable to ensure that your version of Joomla and ALL extensions are kept up to date.

Checking for Updates

JCE supports the Joomla! Update Manager in Joomla! 2.5 and Joomal! 3.0 so you will be notified of any new version via the Update Manager. In Joomla! 1.5, 2.5 and 3.0 an update notification is also shown in the JCE Control Panel.

All JCE Editor updates include a release notification published on this site and are tweeted. You can subscribe to the JCE News Feed, or follow us on twitter.

Updating JCE

Updates can be done via the Joomla! Update Manager in Joomla! 2.5 and Joomla! 3.0 or using the Updates button in the JCE Control Panel in all Joomla! versions. You can also update by installing the new version using the Joomla! Installer.

Installation and update instructions are available here

An extra helping hand

If you are managing multiple Joomla! sites you may consider services like Admincredible or Watchful.li which have features to update Joomla! and installed extensions on multiple sites. joomla-security.com's audit tool can help you find and remove hacked files and keep your site up to date.

For general Joomla! secutiry issues, vist the Joomla! security forum

Contact Us

We regard the security of JCE as an absolute priority. If you are aware of any potential security issue or suspect a problem, please contact us immediately.