Joomla 3.9.28 is Out
Joomla 3.9.28 is available and it’s a security release. Since a few security issues and bugs have been resolved, we’re considering this a security fix and we recommend all Joomla website owners have this upgrade done.
What's in 3.9.28?
Joomla 3.9.28 is a security release for the 3.x series of Joomla which addresses 5 security vulnerabilities and contains 15 bug fixes and improvements.
Joomla! 3.9.28 Release (joomla.org)
Security Issues Fixed
- Low Severity - Low Impact - XSS in JForm Rules field (affecting Joomla! 3.0.0 through 3.9.27)
- Low Severity - Low Impact - DoS through usergroup table manipulation (affecting Joomla! 2.5.0 through 3.9.27)
- Low Severity - Moderate Impact - Lack of enforced session termination (affecting Joomla! 2.5.0 through 3.9.27)
- Low Severity - High Impact - Privilege escalation through com_installer (affecting Joomla! 2.5.0 through 3.9.27)
- Low Severity - Moderate Impact - XSS in com_media imagelist (affecting Joomla! 3.0.0 through 3.9.27)
Bug fixes and Improvements
- Update CA certificates
- Smart Search: Fix inserting tokens to DB
- Fix search suggestions for mixed-case searches
The previous release was on May 25, 2021.
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.