14 DAY TRIAL // The Joomla Project has made available a new version of the popular content management system to address a couple of security holes that may have exposed users to malicious operations.
A high priority issue found in the Core refers to an SQL Injection vulnerability reported on February 29, 2012, which affects Joomla 2.5.1, 2.5.0, 1.7.4 and all earlier 1.7.x variants.
The moderate severity cross-site scripting (XSS) flaw was reported the same day by Phil Purviance, being caused by inadequate filtering. Versions 2.5.1 and 2.5.0 are affected by this problem.
Customers are recommended to upgrade their products, but not before reading the update instructions and making a backup of their sites.
Users who identify bugs in Joomla care report them on Joomla! CMS Issue Tracker.
Joomla 2.5.2 is available for download here.