Content Management Systems (CMS) are platforms that enable organizations to efficiently manage and publish website content. CMS developers regularly release updates to address security vulnerabilities, improve performance, and maintain system stability. Keeping CMS installations up to date is essential to ensure secure and reliable website operations.

Security Risks

Websites running outdated CMS versions are vulnerable to attacks by cybercriminals, who may gain unauthorized access, steal sensitive data, and disrupt the availability of the website.

Recommended Actions

Website owners and administrators are strongly advised to update their CMS platforms to the latest supported versions to ensure security, stability, and continued support.

WORDPRESS

The only current officially supported version is the latest major release of WordPress. The current version is WordPress 6.8.3.

Previous major releases before this may or may not receive security updates as exploits are discovered. For more information, you can refer to WordPress releases and WordPress Security Updates.  

DRUPAL

Drupal’s stable versions that are actively supported are the following:

• Drupal 11.2.8

• Drupal 11.1.9

• Drupal 10.5.6

• Drupal 10.4.9

Drupal 10.x is scheduled to reach its official end-of-life on December 9, 2026, and organizations are encouraged to begin planning their upgrade to Drupal 11 to ensure continued support and security.

The following versions have reached End-of-Life and are fully unsupported

• Drupal 9.x, 8.x series and all earlier versions are fully unsupported

For more information, please refer to Drupal Security Advisories and Drupal Core Release Cycle.

TYPO3

The latest stable TYPO3 releases are TYPO3 v13 LTS and TYPO3 v12 LTS. The current versions with Long Term Support are:

• TYPO3 v13 LTS 

• TYPO3 v12 LTS

The following TYPO3 versions have reached the end of Standards Support. Security updates are available through Extended Long-Term Support (ELTS):

• TYPO3 v11 LTS: Standard support ended on October 31, 2024; ELTS available until October 31, 2027.

• TYPO3 v10 LTS: Standard support ended April 30, 2023; ELTS available until April 30, 2026.

The following TYPO3 versions have reached End-of-Life and are fully unsupported:

• TYPO3 v9, v8, v7 and all earlier versions.

For more information, please refer to TYPO3 CMS Development Roadmap.

JOOMLA!

The currently supported major releases of Joomla! CMS are 6.x and 5.x. The latest stable versions are:

• Joomla! 6.x

• Joomla! 5.x

The following Joomla! versions have reached End-of-Life and are fully unsupported

• Joomla! 4.x series and all earlier versions are fully unsupported

For more information, please refer to Joomla! CMS versions documentation and Project Roadmap.

Website owners and hosting providers are advised to consider the following best practices to secure their websites:

• Before installing or upgrading the version, please review the system requirements and installation instructions;

• Before any update task, ensure you have backup for your data;

• Keep all CMS extensions, plugins, and themes updated to their latest supported versions;

• Enforce the use of HTTPS;

• Disable outdated secure communication protocols: SSLv2, SSLv3, TLS 1.0 and TLS 1.1.

• Enable Multi-Factor Authentication (MFA) for all administrator and privileged accounts.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.