Joomla! version 1.5.3 (Vahi) was released today to the community, correcting a database name validation error that was introduced in version 1.5.2.
Users of Joomla! 1.5 are encouraged to upgrade as soon as possible. The patch is available from the Joomla! website, along with instructions on how to do a complete install of version 1.5.3 or simply patch from a previous version.
The legacy 1.0.15 version is unaffected by today's release.
Drupal version 6.2 was released today, fixing a number of bugs and some important security issues. The security flaw is considered to be "moderately critical," and is described on the Drupal website as follows:
The menu system routes page requests to appropriate handlers. It also determines whether a user has access to pages based on several criteria, such as permissions assigned to a role. Drupal 6 features an entirely revised menu system, including changes to the way access is dealt with, which if not properly understood by developers can lead to vulnerabilities. This security release provides a more secure access behaviour by default, and fixes incorrectly set menu items in Drupal core.
Users of Drupal 6.0 or 6.1 are encouraged to upgrade to 6.2 as soon as possible. This security issue doesn't affect users of Drupal's legacy branch, currently at 5.7.
Joomla was updated to version 1.5.2 on Sunday. The patch includes bug fixes from the previous version, including the handling of dates and some improved OpenID functionality. While Joomla 1.5.2 isn't specifically a security patch, it's always a good idea to keep your Joomla installation up-to-date to avoid potential problems.
Users of legacy version 1.0.15 are not affected by the upgrade to the main branch.
You can download the latest Joomla package here. Instructions for new installations or patching existing 1.5.1 installations are on the announcement page.
A "moderately critical" ECMAScript/JavaScript vulnerability in Drupal has been fixed in the latest release, version 6.1. All users of the 6.0 version of Drupal are encouraged to patch their current installations or install the complete version 6.1 files.
A potential cross-site scripting (XSS) vulnerability (SA-2008-018) existed in the handling of titles on content edit forms. A JavaScript function used to escape text wasn't working correctly, and is fixed in the latest version.
The legacy 5.x line of Drupal remains at version 5.7, and is not affected by this vulnerability.
Drupal 6.1 is available for download from the main Drupal website.
SilverStripe has posted a release candidate for a patch that will fix "several dozen issues," according to the release notice.
Current users of the SilverStripe open source CMS are asked to download and install version 2.2.2rc1 and report any problems during setup, upgrading or operations. Keep in mind that release candidate software is not the final version and may still contain bugs, so caution should be taken before using this version on a live production site.
More information on SilverStripe is available on the project's overview page.
Trend Micro's Juan Castro reports today that a vulnerability in Plone, discovered in November 2007 by AusCERT, has cropped up on a number of sites. The exploit uses a technique called "Doorway Pages" and redirects visitors to pages that then download malware to the visitor's computer. Castro's analysis is that someone is using the vulnerability discovered by AusCERT as a redirector to hijack traffic and possibly infect computers.
The vulnerability was addressed in Plone's version 3.0.3 and legacy version 2.5.5. If you're using Plone for any of your CMS-based websites, make sure your installation is patched to the current version, which is 3.0.6, or to the latest legacy version, which is 2.5.5.
Open source CMS Joomla issued a security patch for its legacy 1.0.x branch today. The latest version, 1.0.15 (Daytime), addresses a security vulnerability, according to the project's website. All users of 1.0.14 or earlier are encouraged to upgrade to version 1.0.15 as soon as possible.
Joomla also has a newer version available, which is currently at 1.5.1. This site runs on Drupal, but I have other client sites we've built and maintain on Joomla, and I'm planning on upgrading to the 1.5.x branch soon. When I do, I'll include a post describing my impressions of the new version.
The second Tuesday of the month is here, and Microsoft's Lincoln's Birthday present is no less than eleven patches, six marked "critical" and five "important." One of the patches affects only Windows Vista users. The complete details of the eleven patches are available from the Microsoft TechNet site. Visit Windows Update to check whether your computer is patched, especially if you have Automatic Updates turned off. Remember to do this using Internet Explorer; Firefox or other browsers won't work with the Windows Update site.
The anticipated Service Pack 1 for Vista isn't available - officially - yet. It's expected in March. Reports from Windows news site WinBeta suggest that it's available now, but it's probably best to wait for the official release date to avoid problems.
Apple also updated Mac OS X to version 10.5.2 yesterday. If you're using the third most popular operating system (after XP and the intrepid Vista users), you can find the updates here or by checking for software updates under the Apple menu.