The Joomla! Project has released Joomla 1.5.9 [Vatani]. This is a security release, and users of earlier versions are encouraged to upgrade to this version at once.
One high-priority and one low-priority security issue were fixed in this release:
- High Priority: Directory Traversal. A crafted request can allow an attacker to view directory trees on the server. Note: contents of files cannot be edited or deleted, just viewed.
- Low Priority: SSL Session Token Disclosure. When running a site as SSL ONLY, if a non-SSL request is made, an attacker can obtain the session token. There is NO risk for Web sites that use both HTTP and HTTPS.
Other non-security bugs found in various parts of the system are also fixed in this release. Detailed information and the download are available on the official announcement page.