Joomla 3.9.21 has been released. This is a security release for the Joomla 3.x series which addresses 3 security vulnerabilities and contains over 20 bug fixes and improvements.
Our Joomla templates are compatible with this Joomla version, so you may update to the latest Joomla 3.9.21 now.
Joomla 3.9.21 Security Issues Fixed
- Low Priority - Core - XSS in mod_latestactions (affecting Joomla! 3.9.0 through 3.9.20)
- Low Priority - Core - Open redirect in com_content vote feature (affecting Joomla! 3.0.0 through 3.9.20)
- Low Priority - Core - Directory traversal in com_media (affecting Joomla! 2.5.0 through 3.9.20)
Joomla 3.9.21 Bug Fixes and Improvements
- TinyMCE updated #30329
- CodeMirror updated #30370
- Upload Package File / Joomla Update : Upload file size check added #30190 #29895
- Actions Log: Log an event when Joomla is updated #30157
Core - Open redirect in com_content vote feature
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0-3.9.20
Exploit type: Open Redirect
Reported Date: 2020-July-05
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24598
Description
Lack of input validation in com_content leads to an open redirect.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Core - Directory traversal in com_media
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0-3.9.20
Exploit type: Directory Traversal
Reported Date: 2020-February-02
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24597
Description
Lack of input validation allows com_media root paths outside of the webroot.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Core - XSS in mod_latestactions
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.0-3.9.20
Exploit type: XSS
Reported Date: 2020-August-21
Fixed Date: 2020-August-25
CVE Number: CVE-2020-24599
Description
Lack of escaping in mod_latestactions allows XSS attacks.
Affected Installs
Joomla! CMS versions 3.9.0 - 3.9.20
Solution
Upgrade to version 3.9.21
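To triage an inventory of sites against the three advisories above, the following added example (not code from the Joomla project or from this page) maps an installed version to the CVEs whose affected range contains it. The manifest location `administrator/manifests/files/joomla.xml` is an assumption about where the installed version is recorded, and the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges (inclusive), exactly as listed in the advisories above.
ADVISORIES = [
    ("CVE-2020-24597", "Directory traversal in com_media", (2, 5, 0), (3, 9, 20)),
    ("CVE-2020-24598", "Open redirect in com_content vote feature", (3, 0, 0), (3, 9, 20)),
    ("CVE-2020-24599", "XSS in mod_latestactions", (3, 9, 0), (3, 9, 20)),
]

# Constructed sample of a Joomla files manifest (assumed location:
# administrator/manifests/files/joomla.xml); not taken from a real site.
SAMPLE_MANIFEST = """<extension type="file" method="upgrade">
  <name>files_joomla</name>
  <version>3.9.20</version>
</extension>"""


def parse_version(text):
    """Return (major, minor, patch); a suffix such as '-rc1' is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def manifest_version(xml_text):
    """Read the <version> element from manifest XML."""
    node = ET.fromstring(xml_text).find("version")
    if node is None or not node.text:
        raise ValueError("manifest has no <version> element")
    return node.text.strip()


def affected_advisories(version):
    """List the CVE ids from this release whose range contains `version`."""
    v = parse_version(version)
    return [cve for cve, _title, low, high in ADVISORIES if low <= v <= high]


if __name__ == "__main__":
    found = manifest_version(SAMPLE_MANIFEST)
    print(found, "->", affected_advisories(found) or "none of these three")
```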
Visit GitHub for the full list of bug fixes.
Before updating, please read the update instructions. Don't forget to clear your browser's cache after upgrading.