Joomla 3.9.5 is now available. This is a security release for the 3.x series of Joomla which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements. Note before upgrading, make sure you update all third-party extensions.
What's in Joomla 3.9.5?
Joomla 3.9.5 includes three security vulnerability fixes, and several bug fixes and improvements.
Security Issues Fixed
- Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4)
- High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4)
- Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4)
Bug fixes and Improvements
- User Password: Add minimum lowercase rule for password validation
- Associations tab: Fix wrong behaviour of Indonesian language
- Debug language: Fix User Actions Log Manager
- New installation language: Kazakh
- Google Authenticator plugin (2FA): QR-code generator implemented
Get more detail of bug fixes from GitHub.