Joomla! 3.9.3 Security Release announced
UPDATE ASAP
Joomla! 3.9.3 is a Security Release which addresses SIX security vulnerabilities.
This release also includes several improvements.
More details at the following link.
Read more: Joomla! 3.9.3 Release News.
Addressed Vulnerabilities
Low Priority
Core - Lack of URL filtering in various core components (affecting Joomla 2.5.0 through 3.9.2).
Core - Browserside mime-type sniffing causes XSS attack vectors (affecting Joomla 1.0.0 through 3.9.2).
Core - Additional warning in the Global Configuration textfilter settings (affecting Joomla 2.5.0 through 3.9.2).
Core - Stored XSS issue in the Global Configuration help url #2 (affecting Joomla 2.5.0 through 3.9.2).
Core - XSS Issue in core.js writeDynaList (affecting Joomla 2.5.0 through 3.9.2).
Core - Implement the TYPO3 PHAR stream wrapper (affecting Joomla 2.5.0 through 3.9.2).
Post Installation Message
After updating your website's Joomla! CMS you will see a message entitled:
.htaccess & web.config Security Update.
It tells you to add a few lines of code to whichever of the above files your website uses, in order to protect against MIME-type sniffing.
If your website is hosted on Linux with Apache, the file will be .htaccess.
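Once the lines are in place, you can confirm that the protection is both configured and actually served. The shell script below is an added example, not part of the original announcement and not code from Joomla! or Admin Tools. It assumes an Apache host with mod_headers and that the protection takes the form of the standard X-Content-Type-Options: nosniff response header; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the anti-MIME-sniffing header is configured and served.
# Function names and all sample data are constructed for illustration.

# Succeeds if the Apache config on stdin has an active (uncommented)
# mod_headers directive setting X-Content-Type-Options to nosniff.
has_nosniff_directive() {
    grep -Eiq '^[[:space:]]*Header[[:space:]]+((always|onsuccess)[[:space:]]+)?(set|setifempty|append|add|merge)[[:space:]]+"?X-Content-Type-Options"?[[:space:]]+"?nosniff"?[[:space:]]*$'
}

# Succeeds if the HTTP response headers on stdin include
# "X-Content-Type-Options: nosniff" (header names are case-insensitive).
has_nosniff_header() {
    tr -d '\r' | grep -Eiq '^X-Content-Type-Options:[[:space:]]*nosniff[[:space:]]*$'
}

# Constructed .htaccess: the directive exists but is commented out.
sample_htaccess_unprotected() {
cat <<'EOF'
RewriteEngine On
# Header always set X-Content-Type-Options "nosniff"
EOF
}

# Constructed .htaccess: the header is enabled.
sample_htaccess_protected() {
cat <<'EOF'
RewriteEngine On
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
</IfModule>
EOF
}

# Constructed response headers with CRLF line endings, as a server sends them.
sample_response_headers() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nx-content-type-options: nosniff\r\n\r\n'
}

for sample in sample_htaccess_unprotected sample_htaccess_protected; do
    if "$sample" | has_nosniff_directive; then
        echo "$sample: nosniff directive active"
    else
        echo "$sample: nosniff directive MISSING"
    fi
done
if sample_response_headers | has_nosniff_header; then echo "response: nosniff header served"; fi
```

On a live site, feed the functions real input: `has_nosniff_directive < .htaccess` for the file, and `curl -sI https://your-site.example/ | has_nosniff_header` for the served response (the URL is a placeholder).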
Want to know more about MIME-type sniffing or need help editing your website's .htaccess file?
Just ask.
Akeeba Admin Tools PRO users
Good news if you are using Admin Tools' .htaccess Maker utility to create an .htaccess file for your website.
If you have included:
- Reduce MIME-type security risks = YES
when creating your .htaccess file, then your website is protected against MIME-type sniffing attacks.
We recommend that all JOOMLERS use Admin Tools PRO.
Backing up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.
Read more: How to back up your website.
Read more: How to update your Joomla! CMS & its extensions.