Joomla! 3.9.23 Security Release announced
Release date: 24 November 2020.
Joomla! 3.9.23 is a SECURITY FIX release that addresses SEVEN vulnerabilities.
This release implements changes to make the Joomla! CMS ready for PHP 8 (to be released on November 26th 2020).
See the Release Notes at the link below.
Read more: Joomla! 3.9.23 Release News.
Addressed Vulnerabilities
Low Priority
High Impact - Write ACL violation in multiple core views (affecting Joomla! 2.5.0 through 3.9.22).
Moderate Impact - Disclosure of secrets in Global Configuration page (affecting Joomla! 2.5.0 through 3.9.22).
Moderate Impact - Path traversal in mod_random_image (affecting Joomla! 2.5.0 through 3.9.22).
High Impact - SQL injection in com_users list view (affecting Joomla! 3.0.0 through 3.9.22).
Low Impact - User Enumeration in backend login (affecting Joomla! 3.9.0 through 3.9.22).
Low Impact - CSRF in com_privacy emailexport feature (affecting Joomla! 3.9.0 through 3.9.22).
High Impact - Write ACL violation in multiple core views (affecting Joomla! 1.7.0 through 3.9.22).
Backing up before updating is highly recommended
Protect your assets.
Perform a FULL backup of your website (database and files) BEFORE updating the Joomla! CMS and/or its extensions.
Read more: How to back up your website.
Read more: How to update your Joomla! CMS & its extensions.