Joomla 3.9.5
10 April 2019
Joomla version 3.9.5 is now available (security release).
Upgrading to Joomla 3.9.5
Joomla 3.9.5 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 3.9.5 upgrade prior to applying it live.
What's New in Joomla 3.9.5
Security
- Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4) - The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
- High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4) - The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
- Moderate Priority - Core - Object.prototype pollution in jQuery $.extend (affecting Joomla 3.0.0 through 3.9.4) - The $.extend method of jQuery is vulnerable to Object.prototype pollution attacks.
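The Object.prototype pollution item above, as an added example that is not Joomla's or jQuery's own code: a simplified recursive merge beside a hardened one that skips prototype-related keys, run on a constructed JSON input. The function names (naiveDeepMerge, safeDeepMerge, demo) are hypothetical.

```javascript
// Added example: simplified model of a recursive ("deep") merge. Not jQuery source;
// all function names here are hypothetical.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Naive merge: recurses into whatever target[key] resolves to, so the key
// "__proto__" leads it to Object.prototype and writes land on every object.
function naiveDeepMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-related keys skipped, and recursion
// only into objects the target itself owns (never inherited ones).
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse makes "__proto__" an ordinary own key.
  const untrusted = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":true}}');
  naiveDeepMerge({}, untrusted);
  const naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the pollution before the second run
  const merged = safeDeepMerge({}, untrusted);
  return { naivePolluted, safePolluted: ({}).polluted === true, merged };
}
console.log(demo());
```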
Bug fixes and Improvements
- User Password: Add minimum lowercase rule for password validation #24230
- Associations tab: Fix wrong behaviour of Indonesian language #24244
- Debug language: Fix User Actions Log Manager #24178
- New installation language: Kazakh #24233
- Google Authenticator plugin (2FA): QR-code generator implemented #24255