Joomla 5.3.4
1 October 2025
Joomla version 5.3.4 is now available (security release).
Upgrading to Joomla 5.3.4
Joomla 5.3.4 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Joomla updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Joomla install to test the 5.3.4 upgrade prior to applying it live. Get started managing your Joomla installations with Installatron
What's New in Joomla 5.3.4
Security
- [20250901] - Core - Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
- [20250902] - Core - Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
Bug Fixes and Changes
- Update Icon of Miscellaneous Information in Contact [46067]
- Fix deploy_version typo in com_scheduler [46085]
- Fix for in the build process wrongly removed copyright messages [46146]
- Restored Article Version Now Properly Checked Out to Current User [45597]
- DELETE request returns a 204 when an item doesn't exists [45589]
- Set http status header for XML/feed responses [45419]
- Update TinyMCE from 6.8.5 to 6.8.6 to fix TinyMCE issue with cursor placement [45987]
- Joomla Dialog add support for aria-label [46090]
- Add check if certain fields exist in versioning before using them [46009]
- Update joomla/filesystem package to fix extension uploads when post_max_size is 0 [45986]
- Enhance header handling in transport classes to support array values [46078]
- Composer update joomla/oauth2 to 3.0.2 to fix case insensitive OAuth2Client authentication [46132]
- Security updates for composer and npm dependencies for the upcoming 5.3.4 release [45984]