Joomla! has released the latest version, 3.4.7, of its free content management system software to address two reported security vulnerabilities.
The new version of Joomla!, which is used to create websites and online applications, strengthened the security of the MySQLi driver to help prevent object injection attacks.
Joomla said its Security Strike team has been following up on the critical security vulnerability patched last week.
“Since the recent update it has become clear that the root cause is a bug in PHP itself,” Joomla! reported on its website. “This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13.”
Joomla! pointed out the only Joomla sites affected by this bug are those that are hosted on vulnerable versions of PHP, and it corrected the flaw because not all hosts keep their PHP installations up to date.