Joomla 6.0.4 bugfix & veiligheidsupdate

On Tuesday, March 31, 2026, Joomla 6.0.4 was released, together with Joomla 5.4.4. These are bugfix & security updates for the Joomla 6.x and 5.x series.

Fixed security issues in Joomla 6

• Joomla! Core - [20260301] - ACL hardening in com_ajax
  Improved access control checks in the AJAX component to prevent unauthorized actions; this reduces the risk of privilege escalation and ensures stricter permission enforcement.
• Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
  A vulnerability that allowed malicious SQL queries via the articles API endpoint; this could expose or manipulate database data and is fixed by properly sanitizing input.
• Joomla! Core - [20260303] - XSS vector in com_associations comparison view
  A cross-site scripting issue in the language associations comparison screen; this could allow injection of malicious scripts when viewing item differences.
• Joomla! Core - [20260304] - XSS vectors in various article title outputs
  Multiple cross-site scripting vulnerabilities in how article titles are displayed; this could allow harmful scripts to run if titles were not properly escaped.
• Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
  A flaw that allowed deletion of unintended files during the update process; this could potentially remove critical files and has been restricted to safe operations only.
• Joomla! Core - [20260306] - Improper access check in webservice endpoints
  Incorrect permission validation in some API endpoints; this could allow unauthorized access to data or actions and is fixed by enforcing proper checks.

Bug fixes and improvements in Joomla 6.0.4

The biggest improvements are stability (tasks, permissions), correct API behavior and removing confusing or broken UI behavior. Some of the improvements:

• Fix stuck scheduled tasks;
  prevents one broken task from stopping all background jobs.
• Fix email validation errors;
  stops crashes when checking certain email addresses.
• Fix articles API returning placeholders;
  ensures integrations receive real content.
• Fix workflow permission warnings;
  removes backend errors in access control.
• Reset filters properly;
  fixes broken filtering in admin lists.
• Disable media edit icon when unavailable;
  prevents users clicking non-working actions.
• Fix broken assets on error pages;
  ensures error pages display correctly.
• Fix duplicate tag counts;
  prevents incorrect article counts.
• Hide Versions button when not supported;
  removes unusable interface elements.
• Fix admin sidebar icon flickering;
  removes visual glitches in the backend.

A full overview of all changes can be found in the 6.0.4 milestone on GitHub.

Upgrade to Joomla 6 explained simply

If you already use Joomla 5.4, upgrading to Joomla 6.0 is a normal upgrade, not a migration. In most cases this is fast, safe and without problems. Thanks to the compatibility plugin, most extensions will keep working.

Good preparation is still important. We advise to test the upgrade first on a local or staging environment before updating the live website. This prevents surprises and keeps your website online without interruptions.

Need help with updating or migrating to Joomla 6.0? Contact us!