Joomla 3.9.5 is here - a security and bug fixes release!
The Joomla project team has recently released version 3.9.5 that addresses three security vulnerabilities fixes and several bugs and improvements.
Security Issues Fixed
- Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4)
- High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4)
- Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4)
Bug fixes and Improvements
- User Password: Add minimum lowercase rule for password validation
- Associations tab: Fix wrong behaviour of Indonesian language
- Debug language: Fix User Actions Log Manager
- New installation language: Kazakh
- Google Authenticator plugin (2FA): QR-code generator implemented
Community Builder 2.4.1 (latest build) and all Joomlapolis add-ons work just fine with Joomla 3.9.5. You can see everything in action on our demo site.
The Joomla 3.9.5 is a highly recommended upgrade for all Joomla 3.x series sites - you should upgrade immediately.
As always, before any Joomla upgrade on your live website, take a backup just in case anything goes wrong.
You can learn more about the fixed bugs by reading the Joomla 3.9.5 announcement.