Joomla! 3.9.4 Security Release announced
Joomla! 3.9.4 is a Security Release which addresses FOUR security vulnerabilities.
One of these vulnerabilities is labelled as being of HIGH Priority.
This release also includes several improvements.
More details at the following link.
Core - Missing ACL check in sample data plugins (affecting Joomla 3.8.0 through 3.9.3)
Core - XSS in com_config JSON handler (affecting Joomla 3.2.0 through 3.9.3)
Core - XSS in item_title layout (affecting Joomla 3.0.0 through 3.9.3)
Core - XSS in media form field (affecting Joomla 3.0.0 through 3.9.3)
Back up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.