We currently have several positions we need to fill on our team.
Non coders welcome to apply.
Developer Coordinator - Supports developers in getting exploits resolved.
Exploit Researcher - Locates latest exploits via news feeds and website links.
Extension Tester - Tests Updates against POC A poc tester is expected to be able to do the following. Download a suspected vulnerable extension. Install to the latest version of joomla. Test proof of concept from alerts to confirm or deny vulnerable extensions. They should be able to test all methods of exploit and prepare a summary of findings.
Apply for roles at http://bit.ly/2RX8x6X
Please check with the extension publisher in case of any questions over the security of their product.
How to use this site
All known vulnerable extensions are listed in the LIVE VEL section. In these cases no patch is available and you are recommended to uninstall the extension from your site. The resolved VEL section lists extensions for which a patch is available, you are recommended to update if your site uses any of these extensions.
This list is compiled from found information and may not be an up to date accurate list
- We do NOT promise to test or validate these reports.
- We do NOT guarantee the quality or effectiveness of any updates reported to us or listed here.
- We do not list BETA products, or extensions for J1.0.x J1,5,x. or 2.5.x
Select the Vulnerability Reporting Link.
Developers - How to get yourself RESOLVED on the VEL
Please solve the issues and:
To have your extension marked as resolved, please follow these steps:
Contact the VEL team* with a notice of resolution, the latest version number and a link to the security release statement on your website. (Please read this article for further information on making a security release notice). Create a JED listing owner ticket to the JED with a notice and ask that your listing be republished. Include the full details of your new version number and security notice page
JVEL contact details and the JED support link is in your notice of "unpublication"
- If not JED listed.
Inform us with a notice of resolution, the latest version number and a link to the security release statement on your website.
* a developer must use the update form for notice of resolution