26 November 2014
This is in response to the allegations made by the JoomLeaks actor in the mass email sent out to people who had created a user account on the JoomlaDonation site. For more information about this email, please take a look at http://forum.joomla.org/viewtopic.php?f=714&t=866985
30 September 2014
Executive summary: It is possible for a remote attacker to extract a remotely hosted archive while you are extracting a backup archive or installing an update, depending on your server settings. The attack is NOT possible at any other time. Merely having our software installed DOES NOT make your site vulnerable. The vulnerability was discovered and reported by Johannes Dahse of the Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany.