
Joomla 5.3.4 security release
01 October 2025
On Tuesday, September 30, 2025, Joomla 5.3.4 was released. This is a security release in the 5.x series to fix two security issues and several bugs.
Because this security flaw was also present in Joomla 4.4.13, and that version is still supported, a security update was released at the same time: Joomla 4.4.14.
What’s included in the Joomla 5.3.4 security release
Some key fixes are:
- [20250901] - Core - Inadequate content filtering within the checkAttribute filter code
Attackers could inject malicious code into website content that runs in visitors’ browsers. - [20250902] - Core - User-Enumeration in passkey authentication method
Hackers could test login requests to find out whether a username exists on your site.
Both security issues are resolved by updating Joomla to the latest version (4.4.14 or 5.3.4).
Which bugs are fixed in the Joomla 5.3.4 update?
- [5.3] Update Icon of Miscellaneous Information in Contact [46067]
- [5.3] Fix deploy_version typo in com_scheduler [46085]
- [5.3] Fix for in the build process wrongly removed copyright messages [46146]
- [5.3] Restored Article Version Now Properly Checked Out to Current User [45597]
- [5.3] DELETE request returns a 204 when an item doesn't exist [45589]
- [5.3] Set http status header for XML/feed responses [45419]
- [5.3] Update TinyMCE from 6.8.5 to 6.8.6 to fix TinyMCE issue with cursor placement [45987]
- [5.3] Joomla Dialog add support for aria-label [46090]
- [5.3] Add check if certain fields exist in versioning before using them [46009]
- [5.3] Update joomla/filesystem package to fix extension uploads when post_max_size is 0 [45986]
- [5.3] Enhance header handling in transport classes to support array values [46078]
- [5.3] Composer update joomla/oauth2 to 3.0.2 to fix case insensitive OAuth2Client authentication [46132]
- [5.3] Security updates for composer and npm dependencies for the upcoming 5.3.4 release [45984]
A full list of changes can be found in the 5.3.4 milestone on GitHub.
Need help updating or migrating to Joomla 5.3? Contact us!