Let’s celebrate! The Joomla! Project is pleased to announce the release of Joomla 5.2.5 and Joomla 4.4.12. This is a security and bugfix release for the 5.x and 4.x series of Joomla.
These releases continue Joomla’s high standards in accessible web design, highlighting Joomla's values of inclusiveness, simplicity and security into an even more powerful open-source web platform.
Security Fix
[20250301] - Core - Malicious file uploads via Media Manager
The update fixes a security issue that allows users with “edit” permissions in the Media Manager component to upload malicious files, leading to a code execution vulnerability. By default, that permission is assigned to all backend user groups and frontend users with “Editor” or higher.
Bug fixes and Improvements with 5.2.5
- Fix set frontediting option from CLI after installation (#44978)
- Redesign carousel implementation to reflect documentation - bug fix (#44951)
- com_contact: Send Copy to Submitter does not work anymore (#44947)
- Disable compatibility plugin for system tests (#44944)
- Add border last element media breadcrumbs (#44937)
- PHP Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated (#44934)
- Set column alias for BannerTable, fix warning on Save As Copy (#44932)
- Translation Update (#44933)
