THE Social Community Solution for Joomla!
Joomla has just published a Revised Assessment of 3.6.4 Security Release just a couple of days after the urgent Joomla 3.6.4 Critical Security Release that addresses 2 critical security vulnerabilities.
Basically the Joomla Security Strike Team has confirmed the original implications where malicious hackers could exploit the vulnerabilities to create their own administrator account but the team also confirmed that "under certain circumstances" the attackers could alter existing user accounts ( -- yes, even admin accounts).
The CB Team has also taken a closer look at Community Builder 2.0 installations on Joomla 3 environments and discovered that such sites are actually protected against these nasty Joomla vulnerabilities. By default, all CB 2.0+ installations automatically enable the CB system plugin that redirects Joomla registration and login requests to the equivalent CB requests that are not affected by these Joomla vulnerabilities.
So, simply put: all CB 2.0 / Joomla 3.x sites are protected from these Joomla vulnerabilities.
Please note that our recommendation is still to upgrade all Joomla sites to Joomla 3.6.4 as soon as possible, and additionally rename the Joomla htaccess.txt file (and configure it to your base folder if needed) for added protection.
Joomla 3.6.4 has just been released and it fixes two critical security vulnerabilities and a two-factor authentication bug.
This is a very important release and all Joomla 3.4.4 to 3.6.3 sites need to be quickly updated to this new release.
You can read the full Joomla 3.6.4 announcement for more details, but to make things super clear here is a list of recommended actions depending on your installed version:
- All sites with Joomla 3.4.4 through Joomla 3.6.3 must update to Joomla 3.6.4 now - this is extremely important as the found vulnerabilities let hackers create accounts on your website and then to promote them to administrator (but not super-administrator ones)
- All sites with Joomla 3.x less than 3.4.4 should upgrade as soon as possible to Joomla 3.6.4. These sites are not affected by the two critical vulnerabilities, but there are many other know issues that have already been fixed
- All Joomla 2.5.x sites (1.0-2.5 are not affected by these 2 vulnerabilities, but they are by other known ones) should plan to upgrade to Joomla 3.6.4. If not possible soon, they should at least by now have updated to the unofficially security-maintained Joomla "2.5.999" version which includes fixes only for high-level security issues (download zip button at top right) and follow that project on github, while planing to plan an upgrade to latest Joomla.
And, as always, make a full backup of your website before you attempt any upgrade.
Community Builder 2.0.15 and all our latest CB add-ons versions are running fine on Joomla 3.6.4 according to our tests.
Beat, member of both CB Team and of the Joomla Security Strike Team (JSST), insists on the urgency and the importance of this Joomla 3.6.4 upgrade: Stop doing what you are doing and Upgrade Now. If you can't, then take an off-site archive-backup of your site Now. Only the latest versions of Joomla and of all your extensions and add-ons, which are the only ones maintained are considered safe at all times.
Keep your Joomlapolis membership active and your sites up to date at all times!
Some hosters who care for Joomla Security have already implemented WAF modsecurity rules to protect their customers. Joomlapolis Web Hosting Services have also done so, even before the 3.6.4 release!
CB Gallery is here and extremely powerfull !
This is a complete rewrite with many great new features that will make your community website users very happy and excited with the possibilities.
You can experience the new CB Gallery on our demo site and see the many administrative and user facing options.
Here is a list of the main features in CB Gallery 2.0:
- Users can upload multiple files at the same time and then provide titles and descriptions (yup, just like facebook does)
- All media types are supported (photo, audio, video) as well as file uploads (you can provide filename extension list)
- Users can create unlimited albums to better organize their uploads
- Media files can be uploaded or linked (configration parameter)
- Item quotas can be set for each media type globally or individually (for specific users)
- Moderator approvals can be enabled for all media types
- Gallery playbacks are now using modal popup
- New CB Gallery module lets you display gallery albums, media types, gallery items from specific users (new asset concept) or from all users
- Item downloading can be turned off in gallery and in module
- New CB Gallery bot lets you put any gallery album or item directly in your Joomla content (articles and modules) and even lets your users create new gallery albums or upload new media directly from article!
- Captcha integration for extra security when uploading new items (requires latest CB AntiSpam plugin)
- Gallery activity recorded for activity stream (CB Activity and CB Auto Actions required)
- Create direct Joomla menu links to specific albums or items
- New administrative area lets you quickly see who has uploaded what and all created albums (see this on our demo site)
There are many more built-in features that you can explore on our demo site !
Community Builder 2.0.15 is here and has 9 new features and 15 bug fixes.
The key features include:
- Profile editing tab ordering now its own ordering parameter
- Internal URL support for direct tab focus for viewing or editing
- Forgot login and sign-up links can now be rendered as buttons in CB Login module
The full list of features and bug fixes is available in our discussion thread below.
Community Builder continues to be one of the most well maintained projects in the Joomla universe. We continuously release free nightly builds when we fix bugs of add new features. This way our huge community is able to test these changes and give quick feedback. This helps the project produce robust bug free code for the millions of Joomla websites using Community Builder.
All of this is made possible with the financial support provided by paid members. Paid Membership offers great benefits with many powerful add-ons and fantastic forum driven same/next business day responses. A big Thank You to all our paid members and to all contributors of CB!
CB 2.0+ websites can be upgraded to latest CB 2.0.15 using the built-in Joomla upgrader or with a simple install over (precautionary backup always recommended) as all previous settings are kept.
Almost one day after a Joomla 3.6.1 security release, the Joomla project released Joomla 3.6.2 as a quick follow-up bug fix release.
The combined releases address nearly 150 bug fixes and some medium/low priority security issues.
Important: Before upgrading to Joomla 3.6.2 make sure that you first upgrade all your components, including core "Joomla! Update Component Update" component. To do so:
- go to menu: Extensions / Manage / Upgrade
- Click "Find updates" button
- Select your extensions to upgrade, but at least "Joomla! Update Component Update" (its latest version at press time is 3.6.1)
- Click "Upgrade" button
Once you have upgraded the extensions, you can safely upgrade Joomla to 3.6.2.
In the seldom case where the last stage of the Joomla upgrade (database upgrade) would fail, no worries, go to menu: Etensions/ Manage / Database, then click the Fix button.
In the very seldom case where you are missing extension installation methods tabs, go to menu Extensions / Manage / Discover then click "Discover" button, select the installer plugins and click the "Install" button.
We have been testing Joomla 3.6.2 with our latest Community Builder 2.0.14 and everything works great!
As always, we recomend to upgrade your websites on a cloned environment and test everything before you take a full backup and apply Joomla upgrade on your productions sites.
A great resource you can follow is the Joomla 3.6.2 FAQ article that contains all the latest findings / issues identified by the Joomla project concerning this new release.
CB Package Builder with frontend management
This is by far the best download manager for Joomla!
We have developed and used CB Package Builder internally since 3 years for your packages downloads here on Joomlapolis. We are now using it for all your downloads, including all PDF files, showing latest version numbers in Joomla content and showing releases history. As it has become an awesome general-purpose downloads manager, we are now releasing it in its latest version 5.1.
CB Package builder has many features that you can discover in its product page.
Version 5.1 has many awesome new features that let you create and manage your membership downloads.
Here is a list of key features that you can actually experience - first hand - on Joomlapols and our demo site:
- Chose from 12 package types to fine-tune your user's download experience (Package, Library, Component, Plugin, Module. Language, Template, CB Plugin, Query, Script, Override, Custom).
- Use optional package sub-types to categorize packages when presented to users (e.g., see Free sub-types on our download page).
- Configure package version extraction directly from package filename with previous versions download support (e.g. filefolder/cb200-Primer_*.pdf - the * area will be used to extract version - see our Community Builder download version dropdown selection for example).
- Create presets comprized of multiple package that your users can download and install on their Joomla site as a single Joomla extension install (try this out on our demo site where you can login as an administrator)
- Let your authorized users maintain or add new packages from frontend (without need for administrative area login privileges - experience this also on our demo site and see relevant screenshots included further down).
- Drag and drop file uploading and frontend version deletion (experience this on demo site and check out screenshot below)
These are just some of the features avaiable in our latest CB Package Builder which comes with its own Joomla module, Joomla plugin and CB Paid Subscription integration plugin (to require active subscription for package download).
Here are some additional screenshots illustrating some of the previously mentioned features that - once again - you can experience first hand on our demo site and discuss this exciting new release on our forums!
Joomla 3.6 is here and works fine with Community Builder !
-> See our Joomla 3.6.0 FAQ for more info and known issues <-
After 2 release candidate rounds - that the CB Team has been testing against our latest Community Builder 2.0.14 - the Joomla project has released its version 3.6 stable package.
This new Joomla release has lots of bug fixes and quite a few - 400 !!! - improvements that make everyone's day to day Joomla usage easier.
Here are siome of the highlighted features:
- Joomla update can now do a reinstall for you reverting back to default code.
- Usability improvements that help you find things easier and get things done quicker with dropdown task execution.
- New Sub form field function for developers to take advantage of. Developers should read this as nested forms and enhanced repeatable fields.
- On the fly category creation will make content editors very happy as they could just create a new item and a new category in the same process.
- Menu type ACL gives even more control to fine-tune permissions on backend menus.
- New option to show all items from all menus gives you a quick overview of what is displayed where on your website. It has never been easier to spot duplicated links, missing menu items or just get an overview of every menu on your site.
The Joomla team has made a great Joomla 3.6 microsite highlighting all the main features and even more items can be seen in the Joomla 3 FAQ as well as a more technical list on the project's GitHub repository. So, there are many features for you to explore and remember that Community Builder 2.0.14 works fine with this new Joomla release!
Visit our demo site and see our products in action!
So, visit our demo site, select the Community Builder menu feature item or the Add-ons menu item you are interested in. You can also use the direct login buttons to explore both frontend functionality and administrative area configurations.
The demo site is periodically reset to its initial state, so don't hesitate to experiment with settings and additional functionality of our installed products.