Joomla 3.9.4 is available and it’s a security release. Since a few security issues and bugs have been resolved, we’re considering this a security fix and we recommend all Joomla website owners have this upgrade done.
Joomla 3.9.4 is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.
Joomla! 3.9.4 Release (joomla.org)
Security Issues Fixed
High Priority - Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3)
Low Priority - Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3)
Low Priority - Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3)
Low Priority - Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3)
Bug fixes and Improvements
User Terms and Privacy Consent plugins: Layouts for the label and message added
Featured articles: Page subheading added
Custom formfield layout paths simplified
Com_contact: Contact name field moved out of the Contact Information block
Custom module: Improvement of the frontend editing
Action Logs improvement: Cache and Purge/Export actions are now logged
Our Website Maintenance Department will be in contact with our clients regarding this upgrade. If you need this upgrade done on your website, please contact us.