Joomla 3.9.20 is now available.
This is a security release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains over 25 bug fixes and improvements.
What's in 3.9.20?
Joomla 3.9.20 includes 6 security vulnerability fixes and addresses several bugs, including:
Security Issues Fixed
- Low Priority - Core - CSRF in com_installer ajax_install endpoint (affecting Joomla! 3.7.0 through 3.9.19)
- Moderate Priority - Core - Missing checks can lead to a broken usergroups table record (affecting Joomla! 2.5.0 through 3.9.19)
- Low Priority - Core - CSRF in com_privacy remove-request feature (affecting Joomla! 3.9.0 through 3.9.19)
- Low Priority - Core - Variable tampering via user table class (affecting Joomla! 3.0.0 through 3.9.19)
- Low Priority - Core - Escape mod_random_image link (affecting Joomla! 3.0.0 through 3.9.19)
- Low Priority - Core - System Information screen could expose redis or proxy credentials (affecting Joomla! 3.0.0 through 3.9.19)
Bug fixes and Improvements
- Upload & Update tab of Joomla Update Component: Fix to allow upload of ZIP filetype only #29877
- Local database server: Allow optional port numbers #29567
- Beez3 Template: Markup fix for the Tabs layout of com_contact #29636
- Beez3 Template: Allow custom field editing on frontend #29577
- Backend cache cleared when purging updates #29603
it GitHub for more information about this issue.
Click here for full release information.
We are familiar with the implementation of the upgrade and are currently upgrading multiple sites CONTACT US for a free proposal to update your site.