Joomla 4.2.8 Security Release

Joomla! 4.2.8 is now available. This is a security release for the 4.x series of Joomla! which addresses a critical security vulnerability in the web services API. We strongly recommend that you update your sites immediately.

This release only contains the security fix; no other changes have been made compared to the Joomla! 4.2.7 release.
After the release, we strongly advise you to renew the passwords for all credentials that are stored in the global site configuration, namely:

  • database
  • SMTP
  • Redis
  • HTTP proxy

The issue has been reported in a responsible disclosure process, there have been no signs of exploitation on public sites.

Security issue fixed with 4.2.8

[20230201] - Core - Improper access check in webservice endpoints

For New Installations

New installation instructions and technical requirements

For Upgrade an installation


See also

Joomla 4.2.8 Security Release

Joomla 4.2.8 Security Release

16 February 2023
Joomla 4 release date

Joomla 4 release date finally confirmed!

30 July 2021
CVE Numbering Authority (CNA)

Joomla is now running its own CVE Numbering Authority (CNA)

31 December 2020
Copyright 2021 - Joomlaboratory