The Joomla! development team announces the immediate availability of new version 3.6.4. This is mainly a security release, because critical security issue  and a bug fix for two-factor authentication has been found in the Joomla! core lastly. Security bugs and some small others were fixed in this release. All Joomla! users are encouraged to upgrade to this version, as soon as possible. Of course backup first.

Upgrade Joomla! Installation

Download upgrade Joomla 3.6.4 packages from here >> https://github.com/joomla/joomla-cms/releases/tag/3.6.4

Please remember to upgrade Akeeba components before and clear your browser’s cache after upgrading. If you find a bug in Joomla, please report it on the Joomla! Issue Tracker.

HOUSEKEEPING

I hope you read whole blog title and now you’re wondering why so noise about next Joomla update, right. It’s because simple Joomla! update process is still insufficient. In some cases Joomla! core is only part of website code. There are approaching 7800 extensions, for starters, featured in the official Joomla! repository. Any could be poorly coded, badly maintained, or widely untested.  Most users install several components, modules and plugins from different developers and sometimes from suspicious sources.

Day like today it’s also good day to make some vacuuming in back-end. I just like to keep only the essentials in my website. I don’t like to keep unused content or extensions as the content can lead to a slow and bloated website as well as adding to confusion when looking for article. Unused extensions are also an overhead and potential security risk. You still need to do updates even for extensions that you aren’t using, and just because the extensions isn’t activated doesn’t mean that hackers can’t exploit loopholes in the PHP or JS code. Keep installed only what you really need and use. Get rid of everything else, uninstall them. For security and performance keep your website lean and mean!

PHP VERSION

Some facts, server with PHP it’s like road or highway for all Joomla! drivers, if he is weak or not updated regularly, then holes appear – we call them security holes or vulnerabilities. Since 13 Oct 2016 there are PHP 7.0.12 and PHP 5.6.27 (14 Oct). Those are security releases. Several security bugs were fixed. Ask your hosting provider to upgrade, if they didn’t done it already.

Currently Supported PHP Versions

**Branch****Initial Release****Active Support Until****Security Support Until**
**PHP 5.6**28 Aug 201431 Dec 201631 Dec 2018
**PHP 7.0**3 Dec 20153 Dec 20173 Dec 2018
Or, visualised as a calendar:

php_calendar

 Active support A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
 Security fixes only A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
 End of life A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.
 

Source Joomshaper