As we approach the end of another year it is traditional in many cultures to look back and see what has been achieved in that time and to give thanks.

For many of us it is a time to take stock and to acknowledge that we may be more fortunate than others. One way to do this is to donate money to a charity.

Why don't you join me and other users of Joomla!™ to raise funds "all together" for Médecins Sans Frontières (Doctors Without Borders).

I have chosen Médecins Sans Frontières (MSF), Doctors Without Borders, as they are an international, non-denominational, non-political humanitarian aid organisation that provides emergency medical assistance to populations in danger in more than 80 countries.

It doesn't happen often, in fact I think it has only happened once before, but right now I am absolutely speechless and still scraping my jaw off the floor as I simultaneously scrape my head off the ceiling.

In fact it's such a rare event for me to be speechless that it's probably worth making a note in your diaries.

This blog has been shortlisted by ComputerWeekly.com for the award for the Open Source in Business category in the IT Blog Awards.

This release contains a huge number of fixes specificaly in the TinyMCE editor and various fixes to provide php 5.3 compatibility.

Of course I'm particularly pleased to see a new line in the htaccess.txt file as this addresses what I believe has long been a security issue in exposing extension version numbers, this will have to be applied manually. See my Joomla Hidden Secrets presentation to see why I belive that exposing version numbers is a bad idea. Note the fix provided in the new htaccess.txt is far more advanced, and better, than the one I inititaly proposed - but heh I'm not a programmer.

There are two security fixes in this release and users are strongly encouraged to upgrade immediately.

NOTE please check the FAQ of known issues with 1.5.15 before upgrading

Please do NOT rely on an automatic updater

This meant that as soon as you installed the extension your site was vulnerable to defacement etc.

If there have been two published cases perhaps there have been more that we don't know about.

So is there anything we can do to prevent this?

So for those of you that are still waiting I'd like to tell you that it really is true and life really is that simple.

Normal service will be resumed on friday.

I really wanted to be writing a good news blog today/tonight but ...

"Just because you keep your server secure and your software up to date you may have been exploited yesterday, ready to be hacked tomorrow."

Today I read an article explaining the exact same thing happening on a Wordpress site. I had tried to explain this to the site owner 6 weeks earlier but...

To avoid any confusion the time will be defined as GMT.

There will be a very special prize for the winner.

I've sat on this blog post for a few weeks as I wanted to separate any connection to the specific client for who this relates to.

So I'm sat in a hotel bedroom, idling away the time before bed, browsing a news sites when a skype window pops up on my Mac.

"Please help!!!! I've got 12 sites all on different servers and they keep getting defaced."

Now obviously I then ran through my usual set of questions:

1. "Are the sites running the latest version of Joomla?"
2. "Are the file and directory permissions set sensibly?"
3. "Do you monitor the extensions and make sure they are all up to date?"

And the answer was yes to all of the above.