Joomla 3.9.20 Released

Joomla 3.9.20 is now available. This is a security release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains over 25 bug fixes and improvements.

What's in 3.9.20?
Joomla 3.9.20 includes 6 security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

• Low Priority - Core - CSRF in com_installer ajax_install endpoint (affecting Joomla! 3.7.0 through 3.9.19)
• Moderate Priority - Core - Missing checks can lead to a broken usergroups table record (affecting Joomla! 2.5.0 through 3.9.19)
• Low Priority - Core - CSRF in com_privacy remove-request feature (affecting Joomla! 3.9.0 through 3.9.19)
• Low Priority - Core - Variable tampering via user table class (affecting Joomla! 3.0.0 through 3.9.19)
• Low Priority - Core - Escape mod_random_image link (affecting Joomla! 3.0.0 through 3.9.19)
• Low Priority - Core - System Information screen could expose redis or proxy credentials (affecting Joomla! 3.0.0 through 3.9.19)

Bug fixes and Improvements

• Upload & Update tab of Joomla Update Component: Fix to allow upload of ZIP filetype only
• Local database server: Allow optional port numbers
• Beez3 Template: Markup fix for the Tabs layout of com_contact
• Beez3 Template: Allow custom field editing on frontend
• Backend cache cleared when purging updates 3

NOTE: If you are hosting with us, your sites have been updated to Joomla 3.9.20 as of 7/18/2020. If you are interested in learning more about hosting with us, please contact us or reply to this forum post.