Release date: 8 July 2026.

JCE Content Editor 2.9.99.9 is a Bug Fix Release.

The developer is working hard to restore confidence in this popular extension following the recent Critical Security Fix (see below) by issuing frequent updates.

Read more: JCE 2.9.99.9 is released

This version is compatible with the Joomla! 5 and 6 Series and PHP 8.4 and 8.5.

The Backward Compatibility plugin does not need to be enabled to use it with Joomla! 5+

The next JCE release will be v3.0 when official support for the Joomla 3 CMS will be removed.

Read more: JCE Content Editor Release Notes

Heads Up

JCE 2.9.99.6 was a Security Fix

Release notes stated that v2.9.99.6 followed a:

"Codebase review and hardening across input validation, access control, and file handling".

Read more: JCE 2.9.99.6 Security Fix is released

12 June 2026

The developer has released a free patch for older versions of Joomla! CMS as well as some useful guidance for how to spot a compromise if one has indeed occurred. And how to fix any resulting hack.

Quick note: this unfortunate incident underscores the importance of performing regular Full Backups of your website and definitely before installing or updating any one Third Party Extension.

Visit the following link.

Read more: Free patch for older sites

JCE 2.9.99.5 was a Critical Security Fix

Vulnerability addressed by the JCE 2.9.99.5 Critical Security Fix: 

  • Insufficient access controls permitted unauthenticated users to upload editor profiles.

We at first understood that all Joomla! CMS websites using the JCE Content Editor were affected.

We subsequently learned that affected versions of JCE are from v2.7.x onwards.

Note: if you are using the latest available version and release of Joomla! CMS (recommended) then you should also be using the latest available of JCE and so your site will have been potentially impacted.

Read more: JCE 2.9.99.5 Critical Security Fix is released

For a comprehensive review of this Critical Security Fix, and the impact of not immediately installing the update, read the related post in the mysites.guru Blog.

Read more: mysites.guru Blog

JCE 2.9.99.4 was a Security Fix

Vulnerabilities addressed by the JCE 2.9.99.4 Security Fix were:

  • Insufficient profile access validation in the file browser,
  • Path traversal vulnerability in the file browser directory search action.

Read more: JCE 2.9.99.4 Security Fix is released

Information for users of Joomla! 3

Whilst official support for the Joomla 3 CMS will be removed when JCE v3.0 is released, the developer reports that minor updates addressing critical issues will continue to be provided for the 2.9.99 series using a supplemental version scheme, for example, 2.9.99.1, 2.9.99.2, etc.

This is to ensure Joomla 3 users remain supported for critical fixes while development progresses toward JCE v3.x.

Read more: Announcement by JCE Developer with release of JCE 2.9.99

Useful JCE Content Editor Information 

JCE Resource Requirements

Before using JCE we recommend you check out the developer's web page detailing server requirements and more for the best experience using their excellent extension.

Read more: JCE Resource Requirements

Video Tutorials

Visit the following link to make use of some really useful video tutorials at the developer's website.

Read more: JCE Editor Tutorials

JCE Developer recommends enabling IMagick PHP Extension

Reason: to improve performance when using the JCE Content Editor with images.

Read the developer's tutorial at the link below.

Quote:

"Image processing on your server is usually done by one of two PHP extensions - GD2 or IMagick. The latter is preferred, as it is more efficient, consumes less memory and is therefore better at processing large images. GD2 will always remove EXIF data from a resized image, regardless of the Remove EXIF Data option. You can check if IMagick is available on your site in System -> System Information -> PHP Information. Speak to your host if you do not see it listed." Source: JCE.

Read more: Optimizing Images on Upload

JCE Developer recommends using Permitted User Groups Whitelist option in Component Parameters

JCE 2.9.99.7 added a Permitted User Groups whitelist option in the Component parameters. This restricts which groups are eligible for profile assignment. Groups outside the whitelist are excluded from matching and from profile import.

Learn how to use it at the link below.

Read more: JCE 2.9.99.7 is released

Meet the man behind JCE: Ryan Demmer

June 2024 edition of the Joomla! Community Magazine (JCM) includes a really engaging article with Ryan Demmer, developer of the JCE Content Editor.

Read more: JCM interview with Ryan Demmer

Back up before updating any 3rd party Joomla! extension

Any update can break your website.

Perform a full backup of your website (database and files) before installing any update.

Read more: How to back up your website.

Read more: How to manage 3rd party extensions.

Release date: 8 July 2026.

JCE Content Editor 2.9.99.9 is a Bug Fix Release.

The developer is working hard to restore confidence in this popular extension following the recent Critical Security Fix (see below) by issuing frequent updates.

Read more: JCE 2.9.99.9 is released

This version is compatible with the Joomla! 5 and 6 Series and PHP 8.4 and 8.5.

The Backward Compatibility plugin does not need to be enabled to use it with Joomla! 5+

The next JCE release will be v3.0 when official support for the Joomla 3 CMS will be removed.

Read more: JCE Content Editor Release Notes

Heads Up

JCE 2.9.99.6 was a Security Fix

Release notes stated that v2.9.99.6 followed a:

"Codebase review and hardening across input validation, access control, and file handling".

Read more: JCE 2.9.99.6 Security Fix is released

12 June 2026

The developer has released a free patch for older versions of Joomla! CMS as well as some useful guidance for how to spot a compromise if one has indeed occurred. And how to fix any resulting hack.

Quick note: this unfortunate incident underscores the importance of performing regular Full Backups of your website and definitely before installing or updating any one Third Party Extension.

Visit the following link.

Read more: Free patch for older sites

JCE 2.9.99.5 was a Critical Security Fix

Vulnerability addressed by the JCE 2.9.99.5 Critical Security Fix: 

  • Insufficient access controls permitted unauthenticated users to upload editor profiles.

We at first understood that all Joomla! CMS websites using the JCE Content Editor were affected.

We subsequently learned that affected versions of JCE are from v2.7.x onwards.

Note: if you are using the latest available version and release of Joomla! CMS (recommended) then you should also be using the latest available of JCE and so your site will have been potentially impacted.

Read more: JCE 2.9.99.5 Critical Security Fix is released

For a comprehensive review of this Critical Security Fix, and the impact of not immediately installing the update, read the related post in the mysites.guru Blog.

Read more: mysites.guru Blog

JCE 2.9.99.4 was a Security Fix

Vulnerabilities addressed by the JCE 2.9.99.4 Security Fix were:

  • Insufficient profile access validation in the file browser,
  • Path traversal vulnerability in the file browser directory search action.

Read more: JCE 2.9.99.4 Security Fix is released

Information for users of Joomla! 3

Whilst official support for the Joomla 3 CMS will be removed when JCE v3.0 is released, the developer reports that minor updates addressing critical issues will continue to be provided for the 2.9.99 series using a supplemental version scheme, for example, 2.9.99.1, 2.9.99.2, etc.

This is to ensure Joomla 3 users remain supported for critical fixes while development progresses toward JCE v3.x.

Read more: Announcement by JCE Developer with release of JCE 2.9.99

Useful JCE Content Editor Information 

JCE Resource Requirements

Before using JCE we recommend you check out the developer's web page detailing server requirements and more for the best experience using their excellent extension.

Read more: JCE Resource Requirements

Video Tutorials

Visit the following link to make use of some really useful video tutorials at the developer's website.

Read more: JCE Editor Tutorials

JCE Developer recommends enabling IMagick PHP Extension

Reason: to improve performance when using the JCE Content Editor with images.

Read the developer's tutorial at the link below.

Quote:

"Image processing on your server is usually done by one of two PHP extensions - GD2 or IMagick. The latter is preferred, as it is more efficient, consumes less memory and is therefore better at processing large images. GD2 will always remove EXIF data from a resized image, regardless of the Remove EXIF Data option. You can check if IMagick is available on your site in System -> System Information -> PHP Information. Speak to your host if you do not see it listed." Source: JCE.

Read more: Optimizing Images on Upload

JCE Developer recommends using Permitted User Groups Whitelist option in Component Parameters

JCE 2.9.99.7 added a Permitted User Groups whitelist option in the Component parameters. This restricts which groups are eligible for profile assignment. Groups outside the whitelist are excluded from matching and from profile import.

Learn how to use it at the link below.

Read more: JCE 2.9.99.7 is released

Meet the man behind JCE: Ryan Demmer

June 2024 edition of the Joomla! Community Magazine (JCM) includes a really engaging article with Ryan Demmer, developer of the JCE Content Editor.

Read more: JCM interview with Ryan Demmer

Back up before updating any 3rd party Joomla! extension

Any update can break your website.

Perform a full backup of your website (database and files) before installing any update.

Read more: How to back up your website.

Read more: How to manage 3rd party extensions.

By browsing our website you agree to its use of cookies. Cookie Policy.