Joomla 3.9.25 Security Release

 Joomla 3.9.25 includes 9 security vulnerability fixes and addresses several bugs, including:

Security Issues Fixed
Insecure randomness within 2FA secret generation (affecting Joomla! 3.2.0 through 3.9.24)
Potential Insecure FOFEncryptRandval (affecting Joomla! 3.2.0 through 3.9.24)
XSS within alert messages showed to users (affecting Joomla! 2.5.0 through 3.9.24)
XSS within the feed parser library (affecting Joomla! 2.5.0 through 3.9.24)
Input validation within the template manager (affecting Joomla! 3.2.0 through 3.9.24)
com_media allowed paths that are not intended for image uploads (affecting Joomla! 3.0.0 through 3.9.24)
ACL violation within com_content frontend editing (affecting Joomla! 3.0.0 through 3.9.24)
Path Traversal within joomla/archive zip class (affecting Joomla! 3.0.0 through 3.9.24)
Inadequate filtering of form contents could allow to overwrite the author field (affecting Joomla! 1.6.0 through 3.9.24)

Bug fixes and Improvements
Fix Save as Copy tag #32454
Fix published attribute for Tag field #32332
Fix batch menu items #32380
Stream transport should enable verify_peer_name when possible #16501
Optimize the code for rename incorrectly cased files on update #32176
Addional PHP 8 improvments #31977 #32374