Joomla 3.9.24
12 January 2021
Joomla version 3.9.24 is now available (security release).
Upgrading to Joomla 3.9.24
Joomla 3.9.24 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.9.24 upgrade prior to applying it live. Get started managing your Joomla installations with Installatron
What's New in Joomla 3.9.24
Security
- [20210101] Low Severity - Low Impact - com_modules exposes module names (affecting Joomla! 3.0.0 through 3.9.23) - Lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.
- [20210102] Low Severity - Moderate Impact - XSS in mod_breadcrumbs aria-label attribute (affecting Joomla! 3.9.0 through 3.9.23) - Lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
- [20210103] Low Severity - Moderate Impact - XSS in com_tags image parameters (affecting Joomla! 3.1.0 through 3.9.23) - Lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.
Bug fixes and Improvements
- Continuing to improve PHP 8 support #31628 #31537 #31536 #30921
- Solved performance issue with zip archives containing zip files #31514
- Removes deprecate feature-policy and adds the new Permissions Policy #30819
- Update joomla/image dependency #31663
- Fixed regression SMTP Settings Test #31724
- Fixed regression to save empty passwords in global configuration #31672