Joomla 6.0.2
12 January 2026
Joomla version 6.0.2 is now available (security release).
Upgrading to Joomla 6.0.2
Joomla 6.0.2 can be updated to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 6.0.2 upgrade prior to moving it live with Installatron's Sync funtionality. Get started managing Joomla with Installatron
What's New in Joomla 6.0.2
Security fixes
- Joomla! Core - [20260101] - Inadequate content filtering for data URLs - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
- Joomla! Core - [20260102] - XSS vector in the pagebreak plugin - Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins.
Bug fixes and improvements
- #46503 NPM audit fix security vulnerabilities in indirect development dependencies by @richard67
- #46484 Fix menu toggle startlevel handling by @LadySolveig
- #46475 Fix deprecated message in messages - my settings by @chmst
- #46450 Fix emailToPunycode() throws "Prohibited input U+0000005C" by @janschoenherr
- #46279 Cassiopeia Extended - Use hover color for btn-primary by @drmenzelit
- #46518 Language keys of Cassiopeia Extended template (in frontend) translated by @alikon
- #46541 Prevent error when cache of language file broken by @joomdonation
- #46543 Fix tinyMCE dark mode by @dgrammatiko
- #46550 Fix deep submenu display by @bembelimen
- #46591 NPM audit fix security vulnerabilities in development dependencies by @richard67