Joomla 3.9.4 is now available. This is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains over 28 bug fixes and improvements. Note before upgrading, make sure you update all third-party extensions.
What's in Joomla 3.9.4?
Joomla 3.9.3 includes four security vulnerability fixes, and several bug fixes and improvements.
Security Issues Fixed
- High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3)
- Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3)
- Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3)
- Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3)
Bug fixes and Improvements
- User Terms and Privacy Consent plugins: Layouts for the label and message added
- Featured articles: Page subheading added
- Custom formfield layout paths simplified
- Com_contact: Contact name field moved out of the Contact Information block
- Custom module: Improvement of the frontend editing
- Action Logs improvement: Cache and Purge/Export actions are now logged
Get more detail of bug fixes from GitHub.