His team Joomla announced version 3.4.5. or which fixes an SQL Injection vulnerability which is characterized as critical.
This SQL vulnerability was reported in October 15. Although there are still no specific details about it, its Security team Joomla said that theme was important enough to justify her pre-announcement which happened the next day.
According to the available data we currently have, vulnerability is due to "insufficient data filtering" and affects Jomla's core for all versions from 3.2 to 3.4.4.
In addition to SQL injection, two other vulnerabilities were also fixed. The new edition stamps on functions com_contenthistory and com_content that allow attackers to access data that should normally be restricted as unprivileged users.
These vulnerabilities affect Joomla versions from 3.2 to 3.4.4 (com_contenthistory) and from 3.0 to 3.4.4 (com_content).
All users are invited to upgrade as soon as possible to avoid an attack on their site's code.
You can download the latest version of Joomla CMS from official webpage, or by GitHub.