24 December 2015
Update to Joomla! 3.4.7 Now!
It's almost Christmas, however the Joomla team is still working.
On December 21th, a new security update was released to patch Joomla installations that uses vulnerable PHP versions. Read the full details in the official release announcement.
If you haven't updated yet, do it now through Components > Joomla update.
Joomla 1.5 and 2.5
The Joomla Security Strike Team made available patchs for those versions through this page. Download the zip file of your Joomla version, decompress and upload it to your site via FTP.
Third party extensions that uses $_SESSION to read or write data needs attention, in order to work correctly in Joomla 3.4.7. See the changes in the Github repository.