Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.
What's in 3.9.5?
Joomla 3.9.5 includes three security vulnerabilities fixes and several bugs and improvements, including:
Security Issues Fixed
- Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4) More information »
- High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4) More information »
- Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4) More information »
Bug fixes and Improvements
- User Password: Add minimum lowercase rule for password validation #24230
- Associations tab: Fix wrong behaviour of Indonesian language #24244
- Debug language: Fix User Actions Log Manager #24178
- New installation language: Kazakh #24233
- Google Authenticator plugin (2FA): QR-code generator implemented #24255
Visit GitHub for the full list of bug fixes.
New InstallationsDownload Joomla 3.9.5
English (UK), 3.9.5 Full Package
Upgrade PackagesUpgrade Packages
Joomla 3 upgrade packages
Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.5 release.