What's in 3.9.5?
Joomla 3.9.5 includes three security vulnerabilities fixes and several bugs and improvements, including:
Security Issues Fixed
- Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4) More information »
- High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4) More information »
- Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4) More information »
- User Password: Add minimum lowercase rule for password validation #24230
- Associations tab: Fix wrong behaviour of Indonesian language #24244
- Debug language: Fix User Actions Log Manager #24178
- New installation language: Kazakh #24233
- Google Authenticator plugin (2FA): QR-code generator implemented #24255
Full announcement + download links: https://www.joomla.org/announcements/re ... lease.html
Discussion Forum: viewtopic.php?f=9&t=971216