Security update for Joomla: Version 3.9.2

A new security update for Joomla is now available, version 3.9.2. This is a security release addresses 4 security vulnerabilities and contains over 50 bug fixes and improvements.

Security Issues Fixed

  • Low Priority - Core - Stored XSS in mod_banners (affecting Joomla 2.5.0 through 3.9.1) More information »
  • Low Priority - Core - Stored XSS in com_contact (affecting Joomla 2.5.0 through 3.9.1) More information »
  • Low Priority - Core - Stored XSS issue in the Global Configuration textfilter settings (affecting Joomla 2.5.0 through 3.9.1) More information »
  • Low Priority - Core - Stored XSS issue in the Global Configuration help url (affecting Joomla 2.5.0 through 3.9.1) More information »

Bug fixes and Improvements

  • Fixes for states in com_finder (#23194), com_banners (#23193),  com_messages (#23192), com_users notes (#23191)
  • Removal of the Caching field in the languages (#23174), syndicate (#23166), random image (#23165), and login modules (#23152)
  • Editors API extended #23224
  • Menu Item Alias type: Redirection is optional #23278
  • com_media: Normalisation of uploaded file names (#23259)
  • Code cleanup and namespacing



Visit GitHub for the full list of bug fixes.

What do you think?

Send us feedback!