By purchasing, downloading or using any OnlineCommunityHub software extension, you confirm that you have read and accepted these Terms and Conditions in full. OnlineCommunityHub reserves the right to amend these Terms and Conditions at any time. The current version is always published on this page. Continued use of our extensions following any amendment constitutes acceptance of the revised terms.
OnlineCommunityHub is a trading name of J.L.R. van Lent Holding B.V., a company incorporated in the Netherlands. All legal matters are governed by Dutch law.
1. Purchasing an extension
Purchasing an extension gives you access to:
- the latest version of the extension at the time of purchase;
- all updates (feature, maintenance and security) released during the active subscription period;
- security updates as described in Section 3, including after subscription expiry;
- support via our forum for the duration of the active subscription.
Payment can be completed via Mollie (supporting iDEAL, credit card, Bancontact, bank transfer and other methods), PayPal, or Stripe. The available payment methods are shown at checkout. Subscriptions are activated after payment has been received and confirmed.
A purchase is linked to the customer account that completed the purchase, not to a specific website or server. Services are provided to the account holder, not to any third party who may later gain access to a website on which the extension is installed.
Although downloads are not limited in number, a purchase may not be shared. Sharing download keys or using methods that enable multiple simultaneous unauthorized downloads is strictly prohibited and may result in immediate termination of access.
2. Subscription, updates and support period
Our extensions are offered on a subscription basis. The subscription period is typically one year, as shown on the product page.
We distinguish between three types of updates:
| Update type | Description | Availability |
|---|---|---|
| Security update | Addresses a confirmed security vulnerability | Free for all license holders within the support period, including expired subscriptions — see Section 3 |
| Maintenance update | Bug fixes, stability improvements, compatibility updates | Requires an active subscription |
| Feature update | New functionality and enhancements | Requires an active subscription |
After your subscription expires, you may continue to use the version of the extension you last downloaded, on any number of websites, without restriction. You will no longer receive maintenance or feature updates, or support, until you renew your subscription.
The support period, during which security updates are provided, is separate from the subscription period and is defined in Section 3.
Definition: what constitutes a security update
A security update is a release that addresses a confirmed exploitable vulnerability, a weakness in the extension that could be exploited by a malicious actor to gain unauthorized access, extract data, execute code, or otherwise compromise a system or its data.
The classification of a release as a security update is made by OnlineCommunityHub at the time of release and is documented as such in the changelog. The following do not constitute security updates for the purposes of the free access entitlement under Section 3:
- bug fixes that address functional defects without an exploitable attack vector;
- stability or performance improvements;
- compatibility updates for new Joomla or PHP versions;
- preventive hardening measures where no concrete exploitable vulnerability has been identified;
- any release not explicitly labelled as a security update in the changelog at the time of release.
Where a release addresses both a security vulnerability and other improvements, only the security fix component triggers the free access entitlement. The release as a whole is classified according to its most critical component.
From 11 September 2026, actively exploited vulnerabilities are reported to the Dutch National Cyber Security Centre (NCSC) as required by the CRA. NCSC reporting provides an objective external anchor for the most critical security classifications.
3. Security updates and EU Cyber Resilience Act
EU Cyber Resilience Act (Regulation 2024/2847)
OnlineCommunityHub extensions are regular products with digital elements within the meaning of the CRA. As manufacturer, we are required to provide free security updates for a minimum of five years and to notify license holders of security-relevant releases.Security update policy
Security updates are always made available free of charge to all license holders within the support period, regardless of whether the subscription is active or expired, provided the installation is running on a supported platform (see Section 5 and "Platform dependency" below). When a security release is published, all eligible license holders receive:
- an email notification on the day of release;
- temporary download access for 30 days, activated automatically for all license holders including those with an expired subscription.
Security updates are released in the current version of the extension. License holders on older versions are entitled to download and install the current security release. There is no entitlement to receive security fixes backported to historical versions of the extension.
Support period
The support period for security updates is a minimum of five (5) years from the date of first purchase, or until the end of the support period published on the product page at the time of purchase, whichever is later.
The support end date is displayed on the product page and in your account. We communicate the support end date at the time of purchase.
OnlineCommunityHub applies the five-year security update commitment to all license holders, including those whose purchase predates the entry into force of the EU Cyber Resilience Act (10 December 2024). This is a voluntary commitment for historical purchases and a legal obligation for purchases made on or after the CRA's full enforcement date (11 December 2027). In all cases, the commitment applies only to installations on supported platforms as defined in Section 5.
Platform dependency
Security updates are built for supported platforms only (see Section 5). An extension cannot be kept secure when running on a platform, Joomla or PHP, that has itself reached end of life and no longer receives security updates from its respective maintainer. Installations on end-of-life platforms fall outside the security support period.
When a supported platform approaches end of life, we notify affected customers by email and advise them to upgrade.
The security update entitlement applies to license holders running installations on supported platforms at the time of the request. Migration to a supported platform after a period of running on an unsupported platform does not create retroactive entitlement to security fixes issued during the unsupported period. From the point of migration to a supported platform, the license holder's entitlement to future security fixes resumes, subject to the remaining support period.
Current version entitlement, no backporting obligation
Security updates are maintained in the current supported version of the extension. OnlineCommunityHub does not maintain separate security fix branches for historical major versions. A license holder's entitlement is to a current version of the extension that does not contain known exploitable vulnerabilities, not to a specific historical version or a fix backported to a version they previously ran.
Where a vulnerability was fixed in a previous major version and the current version does not contain that vulnerability, whether because the fix carried forward, the affected code was rewritten, or the code path no longer exists, the current version constitutes the remediated release. The entitlement is satisfied by the availability of the current patched version on a supported platform.
Multi-component extensions
Some OnlineCommunityHub extensions consist of multiple installable components, for example, a core extension combined with one or more modules and plugins. These components are available both as a combined installation package and as individual downloads.
Where a security vulnerability is identified and fixed in one or more specific components, the security update entitlement covers only the component or components in which the vulnerability was identified and fixed. There is no entitlement to updated components that do not contain the security fix.
The changelog for each security release explicitly identifies which components are affected. OnlineCommunityHub may, at its discretion, provide a full package update that includes the security fix alongside unchanged components, but doing so does not establish a precedent or entitlement to full package updates in future security releases.
Where component version dependencies mean that a functional security update requires installing a newer version of dependent components, the entitlement extends to those dependent components for that specific release. This constitutes a one-time entitlement to the current version of the affected components solely for the purpose of applying the security fix. It does not reinstate subscription access to future releases, support, or maintenance updates. OnlineCommunityHub documents component version dependencies and minimum compatible version combinations in the release notes and on the product page.
OnlineCommunityHub cannot verify the Joomla or PHP version of individual customer installations. It is the customer's responsibility to ensure their installation meets the supported platform requirements before applying a security update. Where possible, platform compatibility is enforced at the installation level via the extension manifest. Installing a security update on an unsupported platform is at the customer's own risk and does not create a support entitlement.
Security vulnerabilities
To report a security vulnerability in one of our extensions, please use the form on our Security & vulnerability disclosure page or email security@onlinecommunityhub.nl. We operate a coordinated disclosure policy and commit to acknowledging reports within 48 hours.
4. Download keys and server authorization
Each subscription is associated with a unique download key. This key is used by Joomla's built-in update mechanism to authenticate download requests and verify that your subscription is active.
Server authorization (2FA)
To prevent unauthorized use of download keys, we operate a server authorization system. When a server or environment makes a download request using your download key for the first time, you will receive an email notification. You must approve the request in your account before the download proceeds.
Within your account under My Account > My Devices you can at any time view, add, edit or remove authorized servers associated with your download key.
Keep your download key confidential!
Do not share your download key with third parties. If you believe your download key has been compromised, contact us immediately so we can issue a replacement.IP addresses of servers making download requests are stored as described in our Privacy Policy. Approved servers remain stored until you remove them or your account is closed. Denied or pending requests are retained to prevent repeated notification emails.
5. Joomla! and PHP compatibility
We maintain a N / N-1 support policy for Joomla: we actively support the current major version (N) and the previous major version (N-1). Feature updates, maintenance updates and security updates are built for supported Joomla and PHP versions only.
The currently supported versions are published on each product page and on our Security & vulnerability disclosure page. The table below reflects the current policy:
| Platform | End of Active Support | End of Security Support | OCH Support | Note |
|---|---|---|---|---|
| Joomla 6 (N) | 17 Oct 2028 | 16 Oct 2029 | Supported | Primary target platform |
| Joomla 5 (N-1) | 13 Oct 2026 | 12 Oct 2027 | Supported | Supported until Joomla 5 EOL |
| Joomla 4 | 15 Oct 2024 | 14 Oct 2025 | Not supported | EOL reached; upgrade |
| Joomla 3 | 17 Aug 2021 | 17 Aug 2023 | Not supported | No security patches available |
| PHP version | End of Active Support | End of Security Support | OCH Support | Note |
|---|---|---|---|---|
| 8.5 | 31 Dec 2027 | 31 Dec 2029 | Supported | |
| 8.4 | 31 Dec 2026 | 31 Dec 2028 | Supported | Recommended Joomla 6 |
| 8.3 | 31 Dec 2025 | 31 Dec 2027 | Supported | Minimum Joomla 6 Recommended Joomla 5 |
| 8.2 | 31 Dec 2024 | 31 Dec 2026 | Supported | |
| 8.1 | 31 Dec 2023 | 31 Dec 2025 | Supported | Minimum Joomla 5 |
| 8.0 and lower | EOL | EOL | Not supported |
We cannot guarantee compatibility with all third-party Joomla extensions. Our extensions are built to Joomla! Coding Standards and do not require the Joomla Backward Compatibility plugin.
When a Joomla or PHP version reaches end of life, we notify affected customers and update the compatibility tables on our website.
Template overrides
Joomla allows site owners and agencies to override extension layout files by placing modified copies in the active template directory. OnlineCommunityHub has no visibility of, or control over, template overrides placed on customer installations.
When a security update changes a layout file in one of our extensions, the corresponding template override on an installation is not automatically updated. Site owners and agencies are responsible for reviewing and updating any template overrides that are affected by a security release. Our changelog explicitly identifies which layout files have changed in each security release to facilitate this review.
OnlineCommunityHub cannot be held responsible for security vulnerabilities that persist on an installation because an outdated template override bypasses a security fix that has been correctly shipped in the extension update.
6. Pricing and VAT
All prices are shown excluding VAT. VAT at the applicable rate (currently 21% for Netherlands residents) is added at checkout where applicable.
VAT is not charged to EU residents outside the Netherlands who provide a valid VIES-registered VAT number, in accordance with European Directive 2008/8/EU and applicable national implementations.
If incorrect information is provided at the time of purchase, for example: a VAT number that cannot be verified, resulting in VAT not being charged when it should have been, we reserve the right to issue a corrective invoice for the outstanding VAT amount. An administration fee of €1.21 may be added to cover transfer costs. The subscription period will be adjusted until the corrective invoice is settled.
We reserve the right to change prices at any time without prior notice. The price applicable to your purchase is the price shown at the time your order is confirmed.
7. Software license: GNU/GPL v2
All OnlineCommunityHub software extensions are licensed under the GNU General Public License v2.0. The full license text is available at https://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
You are authorized to modify the extensions for your own purposes. Any redistribution, of the original or a modified version, must be made in accordance with the terms of the GNU GPL v2. You must not remove or alter the copyright notices in the source code files.
After your subscription expires, you retain the right to continue using the version of the extension you last downloaded, without restriction, in accordance with the GPL license.
The GPL license grants the right to use, modify and redistribute the software. It does not entitle any party to receive updates, security fixes, support or any other service from OnlineCommunityHub. These services are available exclusively to registered license holders with an active or eligible account.
License chain — agencies and third-party installations
Licenses are granted to the purchasing account holder. End clients on whose websites the extension is installed do not hold a direct license with OnlineCommunityHub and cannot independently access downloads, updates or support. In the event that the purchasing account holder's subscription lapses or the relationship between account holder and end client ends, it is the responsibility of the account holder or end client to ensure a valid license is in place to access updates.
If you are an agency or developer installing this extension on websites belonging to third-party clients, you are the license holder. Your clients have no direct commercial relationship with OnlineCommunityHub. Security updates are available to you as the license holder, it is your responsibility to apply those updates to sites under your management, including updating any template overrides that may be affected by a security release. Security releases that affect layout files are explicitly flagged in our changelog.
8. Additional terms, trademarks (Section 2 GNU/GPL v2)
"OnlineCommunityHub" and all non-generic extension names are trademarks of OnlineCommunityHub (J.L.R. van Lent Holding B.V.). The GPL license does not grant any trademark rights. All rights, title and interest in our trademarks remain entirely with OnlineCommunityHub.
Licensees are granted a limited, non-exclusive right to use the OnlineCommunityHub name and logo solely in connection with unmodified copies of the extensions, to identify their origin.
If you distribute modified copies of any extension, you must:
- replace or remove all references to "OnlineCommunityHub" and any extension name from all files, images and visual outputs (front-end and back-end);
- remove any code that initiates a connection to servers managed by OnlineCommunityHub;
- give the modified extension a new name that is not confusingly similar to the original;
- leave all copyright notices within source code files fully intact.
The name "OnlineCommunityHub" and any extension name may not be used to endorse or promote products derived from our extensions without prior written permission.
If any provision of these Terms is held to be unenforceable, it does not excuse you from the conditions of the GNU GPL license. If you cannot distribute the extension in a way that satisfies both these Terms and any other applicable obligations, you may not distribute the extension at all.
9. Support
Customers with an active subscription may request support via our public support forum. Support is provided in English. Community support (best-effort, no guaranteed response time) is available to users of free extensions or free versions of our extensions.
We reserve the right to limit or cancel support in the following situations:
- unreasonable behavior by the customer, including abusive or offensive language;
- persistent server-side issues that are outside our control or scope of responsibility;
- the customer is not cooperative in providing information necessary to investigate the issue.
Support does not cover modifications made to the extension by the customer or a third party.
10. Refund policy
We offer a 30-day money-back guarantee. If you are not satisfied with an extension for any reason, contact us within 30 days of purchase via our contact page, stating the extension name and your order number. We will process a full refund within 3 business days, excluding any transaction costs charged by the payment provider.
We welcome feedback on the reason for your return, this helps us improve our products, but providing a reason is not required to receive a refund.
11. Warranty and liability
OnlineCommunityHub software extensions are provided "as is", without warranty of any kind, either expressed or implied, including but not limited to warranties of merchantability or fitness for a particular purpose.
To the maximum extent permitted by applicable law, J.L.R. van Lent Holding B.V. shall not be liable for any direct, indirect, incidental, special, consequential or other damages arising from the use of or inability to use our software extensions, even if advised of the possibility of such damages.
We cannot guarantee compatibility with all third-party extensions or configurations. We cannot guarantee that extensions will continue to function without modification following future Joomla or PHP releases outside our stated support matrix.
CRA security obligation
Notwithstanding the above, we are required by the EU Cyber Resilience Act to provide security updates for the duration of the support period and to address confirmed vulnerabilities without undue delay. The warranty disclaimer above does not limit our obligations under the CRA.12. Termination
We reserve the right to terminate your access to any or all of our extensions at any time, without prior notice, in the event of a material breach of these Terms and Conditions, including but not limited to unauthorized sharing of download keys.
We may discontinue an extension, the website or any service at any time. In the event of discontinuation of an extension during an active subscription period, we will provide a pro-rata refund for the remaining subscription period.
Termination of your subscription does not affect your right to continue using the version of the extension you last downloaded under the GPL license.
13. Copyright and ownership
All OnlineCommunityHub software extensions are and remain the intellectual property of J.L.R. van Lent Holding B.V., except where ownership clearly lies with third parties (such as included open-source libraries). The customer does not acquire any ownership rights to the extensions by purchasing a subscription.
OnlineCommunityHub respects the intellectual property rights of others. If you believe that content on our website or within our extensions infringes your copyright, please contact us via the contact form.
14. Acceptable use
Our extensions may not be used on websites that contain or facilitate:
- adult or sexually explicit content;
- illegal gambling;
- illegal content of any kind under applicable law;
- harassment, hate speech or content that incites violence.
We reserve the right to terminate access without refund if we become aware of use in violation of this section.
15. Governing law and jurisdiction
These Terms and Conditions are governed by the laws of the Netherlands. Any disputes arising from or in connection with these Terms and Conditions shall be submitted to the exclusive jurisdiction of the competent court in the Netherlands.
OnlineCommunityHub is a trading name of J.L.R. van Lent Holding B.V., registered with the Dutch Chamber of Commerce (Kamer van Koophandel).
16. Changelog
- May 26th, 2026 - Version 2.1:
- Added GPL services clarification (GPL license does not entitle third parties to updates or support from OCH); added license chain section (agency/third-party installation scenarios, end-client license responsibilities); added template override section (agency responsibility to update overrides on security releases, OCH liability limitation); updated changelog.
- Added explicit definition of security update (exploitable vulnerability threshold, classification at time of release, NCSC reporting anchor, exclusion of bug fixes and preventive hardening); clarified that security updates are released in current version only (no backporting obligation); added voluntary vs legal commitment distinction for pre-CRA and post-CRA purchases; clarified platform dependency applies to free access entitlement.
- Added platform migration clause (no retroactive entitlement for unsupported periods; entitlement resumes on migration to supported platform); added current version entitlement clause (no backporting obligation; entitlement is to current patched version); added download window and post-window request process (30-day window; post-window access on request, verified against licence and platform); added component dependency entitlement clause (one-time lift to current version for functional fix; does not reinstate subscription); added platform verification note (customer responsibility; manifest enforcement where possible).
- May 20th, 2026 - Version 2.0: Full revision. Updated responsible party name to reflect trading name structure (OnlineCommunityHub / J.L.R. van Lent Holding B.V.); updated payment methods (added Mollie and Stripe, removed iDEAL-only reference); introduced update type table distinguishing security, maintenance and feature updates; added Section 3 on security update obligations under the EU Cyber Resilience Act (CRA); added Section 4 on download key security and server authorization; revised Joomla! compatibility section to reflect N/N-1 major version policy (Joomla 5 and 6); updated warranty section with CRA carve-out; added pro-rata refund provision on discontinuation; added acceptable use section; added this changelog.
- December 17, 2021: Minor updates.
- June 2, 2016: Initial version.