|
Apr 18
2009
|
 |
It is now over Three weeks since Joomla 1.5.10 was released as a 'strongly encouraged' security update by the Joomla security team.
Many users rely on using Fantastico from Netenberg.com to update their installations; this is a huge mistake, especially for security updates that should be applied as soon as possible.
Why? Well, it has been three weeks and the guys at Netenberg.com has not released a new update to their flashship Fantastico to include the latest version of Joomla. To leave your Joomla installation un-secure for that long is risky and down right dumb.
The Netenberg.com team really used to be on the ball, quickly releasing product updates as soon as there were updates to their one-click install list of web ware which includes Joomla, WordPress, Drupal and a multitude of other popular CMS, blogging softwares and Customer support software.
However, as of lately (the last few months (at least)), their updates have been less and less frequent and not even security releases as the Joomla 1.5.10 or WordPress' 2.7.1 made them release a quick update; but rather they appear to take their sweet time releasing several product updates together whenever they get around to it and that makes a lot of web sites un-secure waiting for an update.
I would really not like to fault Netenberg for this as they have a long list of products to keep up to date (around 50 at current count) and there lies the problem. They have too many product updates to implement and not enough time, but the real problem is Fantastico is a commercial product and they have a responsibility to their clients to keep current versions available.
If your hosting account or web server uses Cpanel, you most likely have access to Fantastico in your control panel.
I use Fantastico frequently; it is so much quicker and convenient to one-click install a Joomla installation than manually creating a database, uploading Joomla and manually installing it but (and this is a BIG but), I do not rely on Fantastico to update my installations.
If I were to install a new Joomla installation today (April 19, 2009) using Fantastico, it would install Joomla 1.5.9 which is an un-secure version; so I would have to upload the 1.5.9 to 1.5.10 upgrade package from Joomla.org to make it seucure and that is still quicker and easier than the old manual way.
My point is... Three weeks after a security release, that extra step should not be necessary as Fantastico should already have implemented the security release by now.
Likewise, any of the installations that I have; whenever an update it available, I will manually install the new version right away, not relying on Fantastico.
You can always upgrade your Fantastico installed Joomla installation without causing any problems with either Fantastico or your Joomla installation (as always, always back up first).
So rule of thumb, use Fantatico to install your Joomla installation, but update manually whenever a new release is made from the Joomla security team.
Stay safe, Stay secure - Keep your installations up to date.
Tony Lindskog
Editor-in-Chief
UPDATE: Netenberg released an update to Fantastico on April 21; the day after this blog was posted, that included amongst others Joomla 1.5.10.
