
Joomla 5.4.7 Bugfix Release
On Tuesday, July 7, 2026, the Joomla! Project released Joomla 5.4.7 together with Joomla 6.1.2. These are security and bug fix releases for the Joomla 5.x and 6.x series.
Security fixes in Joomla 5.4.7
- Access control improvements
- Improved security to ensure only authorised users can access media management features.
- Strengthened protection for privacy-related features to prevent unauthorised access.
- Improved security for custom fields to ensure only authorised users can view or modify them.
- Enhanced the security of contact card (vCard) downloads.
- Strengthened access controls for website workflows to prevent unauthorised changes.
- Improved security for module management so only authorised users can make changes.
- Protection against malicious code injection (XSS)
- Enhanced the security of multi-factor authentication settings to better protect user accounts.
- Improved protection for the template manager to prevent malicious content from being injected.
- Strengthened the security of popup windows used throughout the administration area.
- Improved the security of the extension installer to prevent malicious code from being introduced.
- Enhanced the protection of image handling to prevent malicious content from being displayed.
- Improved the security of language customisations to prevent misuse.
Bug fixes in the Joomla 5.4.7 release
- Security regression fix
Fixes an issue introduced by the previous security update. Websites affected by the earlier patch should work normally again without compromising security. - Symfony YAML security update
Updates an important third-party library to fix three known security vulnerabilities and improve overall website security. - More reliable extension updates
Makes updating multiple extensions at once more reliable, reducing the chance of failed or incomplete updates. - Improved Discover installs
Makes installing extensions through Discover more reliable by preventing installation errors. - Improved extension installation
Fixes installation and update issues for some extensions by locating installation files correctly. - Fix CodeMirror duplication
Prevents the CodeMirror editor from appearing twice, making template and code editing cleaner. - Fix modal pagination
Restores proper navigation in popup windows when browsing through multiple pages of items. - Fix article author display
Ensures author names are shown according to your article settings for consistent frontend display. - Correct email template language
Email notifications now use the correct language template, improving multilingual websites. - Smoother Joomla installation
Prevents the installer from failing when a database password accidentally contains leading or trailing spaces.
Note: don't jump straight to 5.x from a version below 4.4! Update to 4.4 first, then to 5.x.
The full list of changes can be found in the 5.4.7 milestone on GitHub.
Upgrade to Joomla 6
The primary purpose of Joomla 5.4.x releases is to help website owners get ready for an easy transition from Joomla 5.x to Joomla 6.x. All new websites we develop are built directly on Joomla 6.x. Existing websites are upgraded once the hosting environment, including PHP and database versions, together with all installed extensions, are fully compatible with Joomla 6.
Do you need help with updating or migrating your website to Joomla 6? Contact us!

Peter is a Joomla specialist en a Linux admin for fast, secure and scalable websites..







