Joomla 3.9.27
26 May 2021
Joomla version 3.9.27 is now available (security release).
Upgrading to Joomla 3.9.27
Joomla 3.9.27 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.9.27 upgrade prior to applying it live.
What's New in Joomla 3.9.27
Security
- Low Severity - Low Impact - Adding HTML to the executable block list of MediaHelper::canUpload (affecting Joomla! 3.0.0 through 3.9.26) - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
- Low Severity - Low Impact - CSRF in AJAX reordering endpoint (affecting Joomla! 3.0.0 through 3.9.26) - A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
- Low Severity - Low Impact - CSRF in data download endpoints (affecting Joomla! 3.0.0 through 3.9.26) - A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
Bug Fixes
- Disable FLoC by default
- Postgres compatibility fixes for smart search
- Allow objects stored in tables as JSON
- Improve indexing performance of Smart Search
- Additional PHP 8 improvement