The open source Joomla Content Management System (CMS) is out today with a new release that makes the platform more secure and extensible.
Joomla 1.7 provides users with an improved updating mechanism as well as an integrated approach for finding and installing extensions. The new updating system is seen by Joomla as being a tool that will help to improve platform security.
"One of the biggest problems in terms of real world security is having the users keep up with the latest version as the great majority of hacks out there are on old versions that have already been patched," Mark Dexter of the Joomla Production Leadership Team told InternetNews.com.
A report from HP earlier this year identified Joomla as being among the most vulnerable open source CMS projects. The root cause of the vulnerabilities, according to Joomla, stems from old unpatched versions.
Joomla 1.7 introduces a integrated updating system intended to make it easier for users to find and install updates. The system, however, is not as simple as it could be, and Dexter noted that further enhancements are planned.
"Today you have to go in and click 'find updates, but something we're working on is to have the system notify you automatically when an update is available," Dexter said.
Dexter noted that Joomla issues major updates every six months now, though there will likely be a minor update before then. That minor update will likely have the easier update notification system fully enabled.
The other big improvement is the official debut of the Joomla Extensions Directory. The Extensions directory is an effort to make it easier for Joomla users to find and install extensions. Dexter noted that there are almost 8,000 extensions currently available for Joomla.
Joomla's open source CMS rivals, Drupal and Wordpress, both have similar extension directories already in place.
The Joomla Extensions Directory will provide user ratings for extensions to help users determine the quality of an extension. Joomla is also now maintaining an official list of extensions that have had security issues. For extensions where there are unresolved security issues, those extensions will be dropped from the directory.
Dexter noted that the Joomla project is not automatically scanning extensions for security issues. Rather the project is relying on its own processes and user reports to identify potential issues with extensions.
"We don't have a particular scanning mechanism that we use on third party extensions at this point," Dexter said. "I'm not aware that we have found one that is reliable enough to use."
Joomla also does not currently have a commercial sales model for the Extensions Directory. Though the directory contains both open source and commercial extensions, the Joomla project is not recognizing any revenue sharing or commission.
Ryan Ozimek, president of Open Source Matters, the non-profit group that runs the Joomla project, told InternetNews.com that while there currently isn't a model for extension sales, such a model could be possible in the future. He added that the Joomla project is in good shape financially.
Joomla is often compared against WordPress and Drupal since all three are open source systems. Ozimek, however, sees the three open source systems as brothers in the same fight.
"Our competition is closed source proprietary software that doesn't serve the interests of its users," Ozimek said. "Joomla might be 2.7 percent of all websites today, but the bigger picture is that 75 percent of sites aren't running a CMS at all so it's a huge opportunity for us."