Latest updates

RSFirewall! 3.3.13 09 Jul 2026

Added - Protection against Helix Ultimate < 2.2.7 vulnerability.
Added - Protection against Balbooa Forms < 2.4.1 vulnerability.
Updated - Rewrote 'Login' and 'Forbidden' views into File Layouts.

RSMatias! 1.2.1 12 Jan 2026

Fixed - Module front-end editing button was not displayed correctly.

RSMediaGallery! 2.2.1 06 Jul 2026

Fixed - PHP 8.5+ compatibility fixes.

RSSeo! 1.22.0 02 Jul 2026

Added - IndexNow integration.
Added - llms.txt generator.
Added - Added the option to match URL parameters when applying page metadata.
Added - Added a button to delete all error URLs.
Added - Redesigned the edit page for improved usability and readability.
Added - Added the ability to view similar pages and set their canonical URL to the current edited page.
Fixed - Miscellaneous code improvements.

RSDirectory! 2.3.7 02 Jul 2026

Updated - Changed validation language constant from 'JERROR_ERROR' to 'COM_RSDIRECTORY_VALIDATION_ERROR' to allow overriding.

RSMembership! 2.2.8 30 Jun 2026

Added - Can 'Select Root Folder' in RSMembership - Configuration to navigate to the selected folder when accessing the 'Files' section.
Fixed - Some PHP Deprecated messages could appear when adding a membership to a user.

Latest blog entries

Unauthenticated File Upload fixed in RSFiles! version 1.17.12 - update NOW!

A critical flaw in the RSFiles! upload function allows unauthenticated file uploads without enforcing any file extension.

What this means is that any attacker, without having an account on your website, can upload a .php file in your /downloads directory and execute it.

The bottom line is: update immediately to RSFiles! 1.17.12 which fixes this along some other not-reported, but less critical security issues.

Is this exploited in the wild?

Fortunately, at the time of writing, the vulnerability is not public information. It has been privately disclosed by the team at mySites.guru which we thank and recommend - they deliver fantastic services. However, as this is now disclosed, this will be exploited in the wild probably in a few hours after the new version has been released.

How to mitigate this

If you are using RSFirewall!, by default file uploads with a .php extension are silently deleted so you're protected.

Update as soon as possible

Do not rely on firewalls to keep up with this - your immediate action should be to update RSFiles! to the latest release. If updating is not possible, delete /components/com_rsfiles/controllers/rsfiles.php. This will render RSFiles! unusable, but the file contains the affected code so you won't be vulnerable.

Things to check regardless if you're affected or not

  • Any stray .php files in the downloads/ folder and in any other sub-folders;
  • Any stray .php files in the briefcase/ folder and in any other sub-folders;
  • Check if your download folders are secure - go to RSFiles - Settings - Files and tick both the 'Secure download folder' and 'Secure briefcase folder' checkboxes. This will create a file named .htaccess that disallows direct access to these folders, so files will only be served through RSFiles!.
  • Check your server's raw access logs for POST requests pointing to
    index.php?option=com_rsfiles&task=rsfiles.upload that are not preceded by a request to index.php?option=com_rsfiles&task=rsfiles.checkupload

Independence Day Sale 2026

Celebrate Freedom with Exclusive RSJoomla! Discounts

Celebrate Independence Day with exclusive RSJoomla! deals! Save big on our premium Joomla! extensions and templates and give your website the tools it deserves.

RSParma! Template

Introducing RSParma! - A Modern Joomla! Template Built for Professional Websites

RSParma! is a brand-new Joomla! 4, 5 and 6 template from RSJoomla!, crafted for businesses, agencies, portfolios, and professional websites. Combining a modern design with flexible customization options and excellent performance, RSParma! makes it easy to build a website that stands out on any device.

Latest articles from our docs

RSFiles! Changelog
in RSFiles! - Changelog 4 hours ago.

10 Jul 2026 Version 1.17.12 Unauthenticated File Upload fixed in RSFiles! version 1.17.12 - update NOW! - read more details on our blog Fixed - A failed permissions check during the frontend file upload allows visitors to upload any type of file. This release...

RSFirewall! Changelog
in RSFirewall! User Guide - Changelog 1 day ago.

09 Jul 2026 Version 3.3.13 Added - Protection against Helix Ultimate < 2.2.7 vulnerability. Added - Protection against Balbooa Forms < 2.4.1 vulnerability. Updated - Rewrote 'Login' and 'Forbidden' views into...

RSMatias! Changelog
in RSMatias! - Changelog 3 days ago.

12 Jan 2026 Version 1.2.1 Fixed - Module front-end editing button was not displayed correctly. 17 Oct 2025 Version 1.2.0 Updated - Various Joomla! 6 compatibility improvements. 10 Jun 2025 Version 1.1.2 Updated - Social...