Contao version 4.8.0 is available. The release contains new features such as deferred image resizing, 2-factor authentication in the front end, splash screens for YouTube and Vimeo videos, service tagging with annotations and a lot more.
Over the last week of June, the thermometers were reading high all over Europe. Meteorologists nationwide agreed that the heat could break records.
On 31 May 2019 the LTS period of Contao 3.5 expired. In this article I'll summarize what exactly that means. We have also decided to open our Slack workspace to everyone as an alternative to IRC, which is not widely used in business.
CVE ID: CVE-2019-11512
The search menu of the file manager is vulnerable to SQL injections. The problem affects all Contao versions as of Contao 4.1 and has been fixed in Contao 4.4.39 and 4.7.5.
On April 30th, 2019, we will release an update for Contao 4.4 and 4.7, which fixes a security vulnerability.
CVE ID: CVE-2019-10643
Confirming an opt-in token does not invalidate previous opt-in tokens. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.
CVE ID: CVE-2019-10642
The request token check can be bypassed. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.
CVE ID: CVE-2019-10641
User sessions are not invalidated if a user changes their password. The problem affects all Contao versions and has been fixed in Contao 3.5.39, 4.4.37 and 4.7.3.
On April 9th, 2019, we will release updates for Contao 3.5, 4.4 and 4.7, which fix several security vulnerabilities.
Every year, the Contao Core development team meets twice for a short code sprint of three days.