What's in 3.9.20?
Joomla 3.9.20 includes 6 security vulnerability fixes and addresses several bugs, including:
Security Issues Fixed
- Low Priority - Core - CSRF in com_installer ajax_install endpoint (affecting Joomla! 3.7.0 through 3.9.19) More information »
- Moderate Priority - Core - Missing checks can lead to a broken usergroups table record (affecting Joomla! 2.5.0 through 3.9.19) More information »
- Low Priority - Core - CSRF in com_privacy remove-request feature (affecting Joomla! 3.9.0 through 3.9.19) More information »
- Low Priority - Core - Variable tampering via user table class (affecting Joomla! 3.0.0 through 3.9.19) More information »
- Low Priority - Core - Escape mod_random_image link (affecting Joomla! 3.0.0 through 3.9.19) More information »
- Low Priority - Core - System Information screen could expose redis or proxy credentials (affecting Joomla! 3.0.0 through 3.9.19) More information »
- Upload & Update tab of Joomla Update Component: Fix to allow upload of ZIP filetype only #29877
- Local database server: Allow optional port numbers #29567
- Beez3 Template: Markup fix for the Tabs layout of com_contact #29636
- Beez3 Template: Allow custom field editing on frontend #29577
- Backend cache cleared when purging updates #29603
Download
Full announcement + download links: https://www.joomla.org/announcements/re ... -9-20.html
Discussion Forum: viewtopic.php?f=9&t=981066