Joomla 3.9.23 is Out
Joomla 3.9.23 is available and it’s a security release. Since a few security issues and bugs have been resolved, we’re considering this a security fix and we recommend all Joomla website owners have this upgrade done.
What's in 3.9.23?
Joomla 3.9.23 is a security release for the 3.x series of Joomla which addresses 7 security vulnerabilities and contains more than 35 bug fixes and improvements.
Joomla! 3.9.23 Release (joomla.org)
Security Issues Fixed
- Low Priority - High Impact - com_finder ignores access levels on autosuggest (affecting Joomla! 2.5.0 through 3.9.22
- Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page (affecting Joomla! 2.5.0 through 3.9.22)
- Low Priority - Moderate Impact - Path traversal in mod_random_image (affecting Joomla! 2.5.0 through 3.9.22)
- Low Priority - High Impact - SQL injection in com_users list view (affecting Joomla! 3.0.0 through 3.9.22)
- Low Priority - Low Impact - User Enumeration in backend login (affecting Joomla! 3.9.0 through 3.9.22)
- Low Priority - Low Impact - CSRF in com_privacy emailexport feature (affecting Joomla! 3.9.0 through 3.9.22)
- Low Priority - High Impact - Write ACL violation in multiple core views (affecting Joomla! 1.7.0 through 3.9.22)
Bug fixes and Improvements
- TinyMCE updated
- Fix for frontend module editing permissions
- Fix for the lost of transparency when cropping/resizing images
- Validation rule added for the redirect header field
The previous release was on October 07, 2020.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.