Joomla 3.9.25

Joomla 3.9.25 is now available. This is a security release for the 3.x series of Joomla which addresses 9 security vulnerabilities and contains more than 40 bug fixes and improvements.

What’s in 3.9.25?

Joomla 3.9.25 includes 9 security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

  • [20210301] Low Severity – Low Impact – Insecure randomness within 2FA secret generation (affecting Joomla! 3.2.0 through 3.9.24) More information »
  • [20210302] Low Severity – Low Impact – Potential Insecure FOFEncryptRandval (affecting Joomla! 3.2.0 through 3.9.24) More information »
  • [20210303] Low Severity – Moderate Impact – XSS within alert messages showed to users (affecting Joomla! 2.5.0 through 3.9.24) More information »
  • [20210304] Low Severity – Moderate Impact – XSS within the feed parser library (affecting Joomla! 2.5.0 through 3.9.24) More information »
  • [20210305] Low Severity – Low Impact – Input validation within the template manager (affecting Joomla! 3.2.0 through 3.9.24) More information »
  • [20210306] Low Severity – Moderate Impact – com_media allowed paths that are not intended for image uploads (affecting Joomla! 3.0.0 through 3.9.24) More information »
  • [20210307] Low Severity – Moderate Impact – ACL violation within com_content frontend editing (affecting Joomla! 3.0.0 through 3.9.24) More information »
  • [20210308] Low Severity – Moderate Impact – Path Traversal within joomla/archive zip class (affecting Joomla! 3.0.0 through 3.9.24) More information »
  • [20210309] Low Severity – Moderate Impact – Inadequate filtering of form contents could allow to overwrite the author field (affecting Joomla! 1.6.0 through 3.9.24) More information »

Bug fixes and Improvements

  • Fix Save as Copy tag #32454
  • Fix published attribute for Tag field #32332
  • Fix batch menu items #32380
  • Stream transport should enable verify_peer_name when possible #16501
  • Optimize the code for rename incorrectly cased files on update #32176
  • Addional PHP 8 improvments #31977 #32374

Visit GitHub for the full list of bug fixes.

Download

A Huge Thank You to Our Volunteers!

A big thank you goes out to everyone that contributed to the 3.9 releases!

Make the next Joomla release even better

Download the upcoming releases from the nightly build page (for testing purposes only – do not use on production sites).
Want an even easier option? Get yourself over to launch.joomla.org – where you can also test Joomla 4.0 with just one click – no testing environment needed, nothing to install or set up (at all).


Translations

Similar Posts