Joomla 3.9.4
13 March 2019
Joomla version 3.9.4 is now available (security release).
Upgrading to Joomla 3.9.4
Joomla 3.9.4 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.9.4 upgrade prior to applying it live. Get started managing your Joomla installations with Installatron
What's New in Joomla 3.9.4
Security
- High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3) - The sample data plugins lack ACL checks, allowing unauthorized access.
- Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3) - The JSON handler in com_config lacks input validation, leading to XSS vulnerability.
- Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3) - The item_title layout in edit views lacks escaping, leading to a XSS vulnerability.
- Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3) - The media form field lacks escaping, leading to a XSS vulnerability.
Bug fixes and Improvements
- User Terms (#23787) and Privacy Consent (#23660) plugins: Layouts for the label and message added
- Featured articles: Page subheading added #23583
- Custom formfield layout paths simplified #22645
- Com_contact: Contact name field moved out of the Contact Information block #23563
- Custom module: Improvement of the frontend editing #23741
- Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged