Joomla! 3.9.16 Security Release announced
Joomla! 3.9.16 is a Security Release which addresses SIX security vulnerabilities.
This release also includes several improvements.
See the Release Notes at the link below.
Core - SQL injection in Featured Articles menu parameters (affecting Joomla 1.7.0 through 3.9.15).
Core - CSRF in com_templates image actions (affecting Joomla 3.2.0 through 3.9.15).
Core - XSS in Protostar and Beez3 (affecting Joomla 3.0.0 through 3.9.15).
Core - Incorrect Access Control in com_templates (affecting Joomla 2.5.0 through 3.9.15).
Core - Identifier collisions in com_users (affecting Joomla 3.0.0 through 3.9.15).
Core - Incorrect Access Control in com_fields SQL field (affecting Joomla 3.7.0 through 3.9.15).
Back up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.