Joomla Update Manager Is Dangerous!
OK so the title to this blog may be a bit harsh but I wanted to get your attention because although it is not dangerous it is potentially a problem. So now hopefully you are interested in what I have to say because after you read this I am sure you will agree there is the potential for a problem.
For all practical purpose the Joomla update manager is a fantastic addition to Joomla and one that I am sure everyone will agree is one of the most valuable components in Joomla. Where it is dangerous is it has the tenancy to make us complacent to assume if there are no updates listed our sites are in good shape.
The underlying problem with this is there are quite a few extensions that either have their own updater, such as Akeeba Backup and Akeeba Admin Tools and many of them do not even get reported to the Joomla update utility.
Then there are those that neither have their own update utility and don't use the Joomla update manager. So about now I am sure a light just went off in your head and is telling you where I am going with this post. So if an extension does not have an updater or use the Joomla update manager there is no direct way to know if the extension is out of date or if it has a critical update available because a vulnerability was found.
So because of the new Joomla Update Manager we tend to forget about these other third party extensions because we assume we will be notified of any updates. So while this component is a huge leap forward for Joomla it is also a problem that we need to be aware of.
With that said, don't assume all your extensions are reporting they are up to date or that they don't have an update or security issue on your site just because Joomla says so! Be vigilant and keep good records of your sites extensions so that you are aware of which ones are listed in the Joomla Update Manager and which ones are not and although it is a pain to manage all those extensions, especially if you manage multiple Joomla websites be aware of this potential issue.
Make sure to check the Vulnerable Extension Checklist page early and often. For those of you that don't know about this page HERE is the link. Also there are some other links that will help you to be a better Joomla webmaster and I have included them below.