Joomla 3.9.3
13 February 2019
Joomla version 3.9.3 is now available (security release).
Upgrading to Joomla 3.9.3
Joomla 3.9.3 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.9.3 upgrade prior to applying it live.
What's New in Joomla 3.9.3
Security
- Low Priority - Core - Lack of URL filtering in various core components (affecting Joomla 2.5.0 through 3.9.2) - Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
- Low Priority - Core - Browserside mime-type sniffing causes XSS attack vectors (affecting Joomla 1.0.0 through 3.9.2) - A combination of specific webserver configurations, specific file types and browser-side MIME-type sniffing creates an XSS attack vector.
- Low Priority - Core - Additional warning in the Global Configuration textfilter settings (affecting Joomla 2.5.0 through 3.9.2) - "No Filtering" textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
- Low Priority - Core - Stored XSS issue in the Global Configuration help url #2 (affecting Joomla 2.5.0 through 3.9.2) - Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
- Low Priority - Core - XSS Issue in core.js writeDynaList (affecting Joomla 2.5.0 through 3.9.2) - Inadequate parameter handling in JS code could lead to an XSS attack vector.
- Low Priority - Core - Implement the TYPO3 PHAR stream wrapper (affecting Joomla 2.5.0 through 3.9.2) - The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non-.phar files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
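The phar:// restriction in the last item depends on checking the archive file that the URL points into, not the end of the URL. The following is an added example, not Joomla's or TYPO3's code: the function names and sample files are hypothetical, and it shows only the extension check, not a full stream wrapper replacement.

```php
<?php
// Added illustration, not Joomla's or TYPO3's code; function names are hypothetical.

// Find the archive a phar:// URL points into: the longest leading path
// that exists as a regular file. Returns null when there is none.
function pharBaseFile(string $url): ?string
{
    if (stripos($url, 'phar://') !== 0) {
        return null;
    }
    $parts = explode('/', str_replace('\\', '/', substr($url, 7)));
    while ($parts) {
        $candidate = implode('/', $parts);
        if ($candidate !== '' && is_file($candidate)) {
            return $candidate;
        }
        array_pop($parts); // drop the innermost segment and retry
    }
    return null;
}

// Allow phar:// only when the archive file itself is named *.phar.
function isPharPathAllowed(string $url): bool
{
    $base = pharBaseFile($url);
    return $base !== null
        && strtolower(pathinfo($base, PATHINFO_EXTENSION)) === 'phar';
}

// Constructed sample files standing in for an upload and a real archive.
$dir = sys_get_temp_dir() . '/phar-demo-' . getmypid();
mkdir($dir);
file_put_contents("$dir/avatar.jpg", 'constructed placeholder');
file_put_contents("$dir/tool.phar", 'constructed placeholder');

$urls = [
    "phar://$dir/tool.phar/lib/a.php",   // archive is *.phar
    "phar://$dir/avatar.jpg/a.txt",      // archive is an uploaded image
    "phar://$dir/avatar.jpg/fake.phar",  // only the inner path ends in .phar
    "phar://$dir/missing.phar/a.txt",    // no such archive on disk
];
foreach ($urls as $url) {
    echo isPharPathAllowed($url) ? 'allow ' : 'deny  ', $url, "\n";
}

unlink("$dir/avatar.jpg");
unlink("$dir/tool.phar");
rmdir($dir);
```

Only the first URL is allowed; the third is denied even though it ends in .phar, because the file that would be opened as an archive is avatar.jpg.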
Bug fixes and Improvements
- Prevent renaming/deleting the template index.php file #23654
- Smart Search improvement #23736
- Contacts banned fields removed #23585
- Improvement of the Integration tab display #23711
- Fix the category filter for featured articles #23454
- Fix for the Template Style field in the menu manager #23556
- Breadcrumbs for tags #23599