Joomla 3.9.16 Release

Joomla 3.9.16 is now available. This is a security release for the 3.x series of Joomla which addresses six security vulnerabilities and contains over 20 bug fixes and improvements.

What's in 3.9.16?

Joomla 3.9.16 includes 6 security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed

• Low Priority - Core - SQL injection in Featured Articles menu parameters (affecting Joomla 1.7.0 through 3.9.15) More information »
• Low Priority - Core - CSRF in com_templates image actions (affecting Joomla 3.2.0 through 3.9.15) More information »
• Low Priority - Core - XSS in Protostar and Beez3 (affecting Joomla 3.0.0 through 3.9.15) More information »
• Low Priority - Core - Incorrect Access Control in com_templates (affecting Joomla 2.5.0 through 3.9.15) More information »
• Low Priority - Core - Identifier collisions in com_users (affecting Joomla 3.0.0 through 3.9.15) More information »
• Low Priority - Core - Incorrect Access Control in com_fields SQL field (affecting Joomla 3.7.0 through 3.9.15) More information »

Bug fixes and Improvements

• Link rel attributes: ‘noopener’ attributes #28005, ‘sponsored’ and ‘ugc’ attributes #28055 
• Fields - Imagelist: Correct the display of the folder structure #16708
• Popular Tags Module fix #27745
• User - Contact Creator plugin: catid fixed #27949

Visit GitHub for the full list of bug fixes.