Lets face it, being a victim, at least in most cases, really stinks and the folks at Joomla understand this just as much as the programmers who charge you a ridiculous fee for their content management systems. Only Joomla is open source yet just as soon as the vulnerabilities where discovered the Joomla team went to work squashing some 30 different bugs and plugging no less the 2 critical exploits, including one medium severity and the other dealing with an inadequate user validation issue. The good folks at Joomla would also like to remind you that v1.7 will reach ELO in just 2 weeks (Feb.24th 2012), so you should upgrade to the current release v2.5.1 as soon as you can.
Read the original article here. http://www.h-online.com/security/news/item/Joomla-updates-close-information-disclosure-holes-1429303.html