At Thursday, 14 August 2008, Joomla.org was defaced a few hours after releasing the new design. This is not a new security issue, but only poor system administration practices on our part. When they updated their Web sites with the Joomla 1.5.6 security fix released yesterday, we simply forgot to update one of our small, non-public development sites.

Now, They could offer many excuses why it was overlooked—they were focused on fixing this vulnerability, creating the packages, and getting the word out. But the truth is, there is no excuse. This is an obvious and sobering reminder to the Joomla Project that staying current with upgrades is the most important step towards protecting your Web site.

Nothing but good will come of this experience. There's nothing like first hand experience to remind us of the trust our end user community places in us and the importance of working harder and smarter towards improving security.

Please, upgrade to Joomla 1.5.6 now, if you have not already done so. In retrospect, we wish we'd followed our own advice more diligently.

Quote from Joomla.Org