Skip to main content
Blog

Joomla 5.3.4 security release

01 October 2025

On Tuesday, September 30, 2025, Joomla 5.3.4 was released. This is a security release in the 5.x series to fix two security issues and several bugs.

Because this security flaw was also present in Joomla 4.4.13, and that version is still supported, a security update was released at the same time: Joomla 4.4.14.

What’s included in the Joomla 5.3.4 security release

Some key fixes are:

  • [20250901] - Core - Inadequate content filtering within the checkAttribute filter code
    Attackers could inject malicious code into website content that runs in visitors’ browsers.
  • [20250902] - Core - User-Enumeration in passkey authentication method
    Hackers could test login requests to find out whether a username exists on your site.

Both security issues are resolved by updating Joomla to the latest version (4.4.14 or 5.3.4).

Which bugs are fixed in the Joomla 5.3.4 update?

  • [5.3] Update Icon of Miscellaneous Information in Contact [46067]
  • [5.3] Fix deploy_version typo in com_scheduler [46085]
  • [5.3] Fix for in the build process wrongly removed copyright messages [46146]
  • [5.3] Restored Article Version Now Properly Checked Out to Current User [45597]
  • [5.3] DELETE request returns a 204 when an item doesn't exist [45589]
  • [5.3] Set http status header for XML/feed responses [45419]
  • [5.3] Update TinyMCE from 6.8.5 to 6.8.6 to fix TinyMCE issue with cursor placement [45987]
  • [5.3] Joomla Dialog add support for aria-label [46090]
  • [5.3] Add check if certain fields exist in versioning before using them [46009]
  • [5.3] Update joomla/filesystem package to fix extension uploads when post_max_size is 0 [45986]
  • [5.3] Enhance header handling in transport classes to support array values [46078]
  • [5.3] Composer update joomla/oauth2 to 3.0.2 to fix case insensitive OAuth2Client authentication [46132]
  • [5.3] Security updates for composer and npm dependencies for the upcoming 5.3.4 release [45984]

A full list of changes can be found in the 5.3.4 milestone on GitHub.

Need help updating or migrating to Joomla 5.3? Contact us!

Other articles

Correspondence

db8 Website Support
Galiciestraat 35
6663 NR Lent
The Netherlands

+31 85 301 48 28
support at db8 dot nl
+31 6 44 214 500 (urgent)

Nijmegen Office

NYMA makersplaats, Unit 69
Winselingseweg 16
6541 AK Nijmegen
Netherlands

By appointment
Monday to Friday
09:00 - 17:00 (5pm)
(Time zone: Central European Time)

Acquisition is
not appreciated

© db8.nl. All rights reserved.