The beginning of November brings us a brand-new update for the Joomla! 3.x series that addresses two new security vulnerabilities and improves the overall user experience with 15 bug fixes. As of November 5th, you can download or update to the latest version, which is 3.9.4. All of the security vulnerabilities are considered low severity; however, it is still advisable to update your Joomla! installs as soon as possible to avoid any potential issues.
Joomla! released version 3.9.11 on August 13, 2019, to patch a vulnerability found in versions 1.6.2 through 3.9.10. This latest security update fixes a vulnerability that allows mail submission through disabled forms.
Prior to this patch, it was possible for anyone to submit mail through a contact form even if the form was disabled. Com_contact is activated by default in Joomla! installations, which means any site running Joomla! versions 1.6.2-3.9.10 is affected by this vulnerability. When no contacts are established or the functionality is disabled, com_contact should not be able to send email; with this particular vulnerability, however, it can still be used to send spam emails.