For those that don't already know, there is an important security update to Joomla, v1.5.15.

One of the issues fixed is a hole that allows a remote attacker to determine the version of installed extensions. This allows them to profile a Joomla site looking for extensions with known vulnerabilities. This is obviously a bad thing.

The update provides additional htaccess rules that block this exploit, BUT they are not activated by default. After updating you need to uncomment the updated sections of .htaccess.

Please update your installs as soon as possible.

Updates are available here: http://joomlacode.org/gf/project/joomla/frs/


p.s. The easy way is with ssh. I did 8 sites in under 10 minutes. I already had backups of course!!

I'd like to add another way is to use the jupdateman extension here

extensions.joomla.org/extensions/core-enhancements/installers/9332/details

and it automatically downloads and installs the update for you.

I also say remember to backup first!