Joomla 3.9.16 is now available. This is a security release for the 3.x series of Joomla which addresses six security vulnerabilities and contains over 20 bug fixes and improvements.
What's in 3.9.16?
Joomla 3.9.16 includes 6 security vulnerability fixes and addresses several bugs, including:
Security Issues Fixed
- Low Priority - Core - SQL injection in Featured Articles menu parameters (affecting Joomla 1.7.0 through 3.9.15) More information »
- Low Priority - Core - CSRF in com_templates image actions (affecting Joomla 3.2.0 through 3.9.15) More information »
- Low Priority - Core - XSS in Protostar and Beez3 (affecting Joomla 3.0.0 through 3.9.15) More information »
- Low Priority - Core - Incorrect Access Control in com_templates (affecting Joomla 2.5.0 through 3.9.15) More information »
- Low Priority - Core - Identifier collisions in com_users (affecting Joomla 3.0.0 through 3.9.15) More information »
- Low Priority - Core - Incorrect Access Control in com_fields SQL field (affecting Joomla 3.7.0 through 3.9.15) More information »
Bug fixes and Improvements
- Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ and ‘ugc’ attributes #28055
- Fields - Imagelist: Correct the display of the folder structure #16708
- Popular Tags Module fix #27745
- User - Contact Creator plugin: catid fixed #27949
Visit GitHub for the full list of bug fixes.
Download the package here or update through your Joomla administrator interface.
