Joomla! 3.9.20 Security Release announced
Joomla! 3.9.20 is a SECURITY FIX which addresses SIX vulnerabilities. ONE of these is MODERATE.
See the Release Notes at the link below.
Core - Missing checks can lead to a broken usergroups table record (affecting Joomla! 2.5.0 through 3.9.19).
Core - CSRF in com_installer ajax_install endpoint (affecting Joomla! 3.7.0 through 3.9.19).
Core - CSRF in com_privacy remove-request feature (affecting Joomla! 3.9.0 through 3.9.19).
Core - Variable tampering via user table class (affecting Joomla! 3.0.0 through 3.9.19).
Core - Escape mod_random_image link (affecting Joomla! 3.0.0 through 3.9.19).
Core - System Information screen could expose redis or proxy credentials (affecting Joomla! 3.0.0 through 3.9.19).
Back up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.