JEvents version 3,4,50 was released on 17 March 2019. All users are recommended to upgrade to the latest version.
Jevents 3.4.50 fixes a number of security risks present in earlier 3.4.x releases.
In the backend there was an SQL injection risk which users with permissions to administer JEvents but who are not Joomla admin users or super users could potentially exploit.
There were also a few potential XSS risks, mainly in backend, which are resolved in this release.
You can download the latest version from the download area.
Many thanks to Hackmanit GmbH for highlighting these issues.