The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.6 [Vusani]. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

For more information about this exploit, click here to visit the Joomla Security Blog. (http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html)

Instructions

New installation (http://help.joomla.org/content/category/48/268/302/)
Upgrade from an existing Joomla! 1.5 version (http://docs.joomla.org/Upgrading_1.5_from_an_existing_1.5x_version)
Migration from Joomla! 1.0.x (http://docs.joomla.org/Migrating_from_1.0.x_to_1.5_Stable)
See below for manual installation instructions

Download the Joomla 1.5.6 full package now (http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-Stable-Full_Package.zip)

Downlaod update packages (http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=3883)

Release Notes

SECURITY [HIGH] Fixed security hole in reset logic to check for proper token length.

Manual Installation

For some users a manual installation of the 1.5.6 Security Patch is a faster process. To manually apply the 1.5.6 Security Patch, upload the following files, replacing the existing files:

/components/com_user/models/reset.php

/changelog.php

/includes/framework.php

/administrator/includes/framework.php

/libraries/joomla/version.php

/libraries/joomla/environment/uri.php

This patch will only update installations of Joomla 1.5.5. If you’re using an earlier version, it is recommended you update prior to updating these files.


Link