Joomla 3.4.5 was released by Joomla today to address a critical security vulnerability. Rochen encourages all customers to update as soon as possible. The vulnerability is extremely serious and can result in a complete site compromise, stolen login details, malicious file uploads etc.
Rochen has proactively deployed custom Web Application Firewall (WAF) rules to help protect our customers running Joomla 3.4.4 and earlier versions affected by this critical security vulnerability, first announced last week and patched today in 3.4.5. The WAF rules, developed in house by Rochen, aim to protect sites against both the SQL injection and information disclosure aspects of the vulnerability.
Even though Rochen has put in place these new WAF rules, which effectively act as a “virtual patch” for Joomla, we can’t guarantee that they will cover all attack vectors. Rochen strongly encourage all customers to update to Joomla version 3.4.5 as soon as possible. Updating is the most certain way to ensure your Joomla sites are properly protected against this vulnerability.
Any customers who have requested WAF protection be disabled will not be protected by these rules. If you have any questions please don’t hesitate to contact our global 24/7 support team by opening a ticket via the My Rochen customer portal.