Skip to main content
Blog

Joomla 5.4.7 Bugfix Release

07 July 2026

On Tuesday, July 7, 2026, the Joomla! Project released Joomla 5.4.7 together with Joomla 6.1.2. These are security and bug fix releases for the Joomla 5.x and 6.x series.

Security fixes in Joomla 5.4.7

  • Access control improvements
    • Improved security to ensure only authorised users can access media management features.
    • Strengthened protection for privacy-related features to prevent unauthorised access.
    • Improved security for custom fields to ensure only authorised users can view or modify them.
    • Enhanced the security of contact card (vCard) downloads.
    • Strengthened access controls for website workflows to prevent unauthorised changes.
    • Improved security for module management so only authorised users can make changes.
  • Protection against malicious code injection (XSS)
    • Enhanced the security of multi-factor authentication settings to better protect user accounts.
    • Improved protection for the template manager to prevent malicious content from being injected.
    • Strengthened the security of popup windows used throughout the administration area.
    • Improved the security of the extension installer to prevent malicious code from being introduced.
    • Enhanced the protection of image handling to prevent malicious content from being displayed.
    • Improved the security of language customisations to prevent misuse.

Bug fixes in the Joomla 5.4.7 release

  • Security regression fix
    Fixes an issue introduced by the previous security update. Websites affected by the earlier patch should work normally again without compromising security.
  • Symfony YAML security update
    Updates an important third-party library to fix three known security vulnerabilities and improve overall website security.
  • More reliable extension updates
    Makes updating multiple extensions at once more reliable, reducing the chance of failed or incomplete updates.
  • Improved Discover installs
    Makes installing extensions through Discover more reliable by preventing installation errors.
  • Improved extension installation
    Fixes installation and update issues for some extensions by locating installation files correctly.
  • Fix CodeMirror duplication
    Prevents the CodeMirror editor from appearing twice, making template and code editing cleaner.
  • Fix modal pagination
    Restores proper navigation in popup windows when browsing through multiple pages of items.
  • Fix article author display
    Ensures author names are shown according to your article settings for consistent frontend display.
  • Correct email template language
    Email notifications now use the correct language template, improving multilingual websites.
  • Smoother Joomla installation
    Prevents the installer from failing when a database password accidentally contains leading or trailing spaces.

Note: don't jump straight to 5.x from a version below 4.4! Update to 4.4 first, then to 5.x.

The full list of changes can be found in the 5.4.7 milestone on GitHub.

Upgrade to Joomla 6

The primary purpose of Joomla 5.4.x releases is to help website owners get ready for an easy transition from Joomla 5.x to Joomla 6.x. All new websites we develop are built directly on Joomla 6.x. Existing websites are upgraded once the hosting environment, including PHP and database versions, together with all installed extensions, are fully compatible with Joomla 6.

Do you need help with updating or migrating your website to Joomla 6? Contact us!

Peter Martin
Peter Martin
Joomla Specialist

Peter is a Joomla specialist en a Linux admin for fast, secure and scalable websites..

Other articles

Correspondence

db8 Website Support
Galiciestraat 35
6663 NR Lent
The Netherlands

+31 85 301 48 28
support at db8 dot nl
+31 6 44 214 500 (urgent)

Nijmegen Office

NYMA makersplaats, Unit 69
Winselingseweg 16
6541 AK Nijmegen
Netherlands

By appointment
Monday to Friday
09:00 - 17:00 (5pm)
(Time zone: Central European Time)

Acquisition is
not appreciated

© db8.nl. All rights reserved.