Joomla 3.9.4 is now available. This is a security fix release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.
What's in 3.9.4?
Joomla 3.9.4 includes 4 security vulnerabilities fixes and several bugs and improvements, including:
Security Issues Fixed
- High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3) More information »
- Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3) More information »
- Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3) More information »
- Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3) More information »
Bug fixes and Improvements
- User Terms (#23787) and Privacy Consent (#23660) plugins: Layouts for the label and message added
- Featured articles: Page subheading added #23583
- Custom formfield layout paths simplified #22645
- Com_contact: Contact name field moved out of the Contact Information block #23563
- Custom module: Improvement of the frontend editing #23741
- Action Logs improvement: Cache (#22739) and Purge/Export (#22740) actions are now logged
Visit GitHub for the full list of bug fixes.
Download
New Installations
Download Joomla 3.9.4English (UK), 3.9.4 Full Package
Upgrade Packages
Upgrade PackagesJoomla 3 upgrade packages
Note: Please read the update instructions before updating.
Remember… Please clear your browser's cache after updating.
Found a bug? Report it on the Joomla Issue Tracker.
Questions? See the documentation wiki for FAQ’s regarding the 3.9.4 release.