Joomla 3.9.23 Release

What's in 3.9.23?

Joomla 3.9.23 includes 7 security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

  • [20201101] Low Priority - High Impact - Write ACL violation in multiple core views (affecting Joomla! 2.5.0 through 3.9.22) More information »
  • [20201102] Low Priority - Moderate Impact - Disclosure of secrets in Global Configuration page (affecting Joomla! 2.5.0 through 3.9.22) More information »
  • [20201103] Low Priority - Moderate Impact - Path traversal in mod_random_image (affecting Joomla! 2.5.0 through 3.9.22) More information »
  • [20201104] Low Priority - High Impact - SQL injection in com_users list view (affecting Joomla! 3.0.0 through 3.9.22) More information »
  • [20201105] Low Priority - Low Impact - User Enumeration in backend login (affecting Joomla! 3.9.0 through 3.9.22) More information »
  • [20201106] Low Priority - Low Impact - CSRF in com_privacy emailexport feature (affecting Joomla! 3.9.0 through 3.9.22) More information »
  • [20201107] Low Priority - High Impact - Write ACL violation in multiple core views (affecting Joomla! 1.7.0 through 3.9.22) More information »

Bug fixes and Improvements

In order to get Joomla ready for PHP 8 (to be released on November 26th, 2020), Joomla 3.9.23 includes fixes to ensure PHP 8 compatibility (see #31246#30608#30582#29353#30922#31444#31434#31442#31445).

  • TinyMCE updated #30329
  • Fix for frontend module editing permissions #30778
  • Fix for the lost of transparency when cropping/resizing images #30977
  • Validation rule added for the redirect header field #31016

Visit GitHub for the full list of bug fixes.

  • 0
  • 0
  • 0
  • 0
  • 0
  • 0

Additional Info

Rate this item
(1 Vote)
Last modified on Wednesday, 25 November 2020 10:11