- [20200706] - Core - System Information screen could expose redis or proxy credentials
- [20200705] - Core - Escape mod_random_image link
- [20200704] - Core - Variable tampering via user table class
- [20200703] - Core - CSRF in com_privacy remove-request feature
- [20200702] - Core - Missing checks can lead to a broken usergroups table record
- [20200701] - Core - CSRF in com_installer ajax_install endpoint
- [20200604] - Core - XSS in jQuery.htmlPrefilter
- [20200605] - Core - CSRF in com_postinstall
- [20200603] - Core - XSS in com_modules tag options
- [20200602] - Core - Inconsistent default textfilter settings