Joomla 3.9.5 is here - a security and bug fixes release!

The Joomla project team has recently released version 3.9.5 that addresses three security vulnerabilities fixes and several bugs and improvements.

Security Issues Fixed

• Low Priority - Core - Directory Traversal in com_media (affecting Joomla 1.5.0 through 3.9.4)
• High Priority - Core - Helpsites refresh endpoint callable for unauthenticated users (affecting Joomla 3.2.0 through 3.9.4)
• Moderate Priority - Core - Object.prototype pollution in JQuery $.extend (affecting Joomla 3.0.0 through 3.9.4)

Bug fixes and Improvements

• User Password: Add minimum lowercase rule for password validation
• Associations tab: Fix wrong behaviour of Indonesian language
• Debug language: Fix User Actions Log Manager
• New installation language: Kazakh
• Google Authenticator plugin (2FA): QR-code generator implemented

Community Builder 2.4.1 (latest build) and all Joomlapolis add-ons work just fine with Joomla 3.9.5. You can see everything in action on our demo site.

The Joomla 3.9.5 is a highly recommended upgrade for all Joomla 3.x series sites - you should upgrade immediately.

As always, before any Joomla upgrade on your live website, take a backup just in case anything goes wrong.

You can learn more about the fixed bugs by reading the Joomla 3.9.5 announcement.