Contao Manager 1.2.0 available
Just in time for the Contao Conference 2019 in Duisburg (Germany), the Contao Manager version 1.2.0 was released. As expected, this version contains many new and interesting features.
Recap of the second Contao Core Developers Meeting 2019
Every year, the Contao Core development team meets twice for a short code sprint of three days.
Contao Two Month Review July and August 2019
There are some exciting prospects ahead - and not just in retrospect.
Contao 4.8.0 is available
Contao version 4.8.0 is available. The release contains new features such as deferred image resizing, 2-factor authentication in the front end, splash screens for YouTube and Vimeo videos, service tagging with annotations and a lot more.
Contao Two Month Review May and June 2019
Over the last week of June, the thermometers were reading high all over Europe. Meteorologists nationwide agreed that the heat could break records.
Updates regarding Contao 3 and Slack
On 31 May 2019 the LTS period of Contao 3.5 expired. In this article I'll summarize what exactly that means. We have also decided to open our Slack workspace to everyone as an alternative to IRC which is not widely used in business.
SQL injection in the file manager
Date: 2019-04-30
CVE ID: CVE-2019-11512
The search menu of the file manager is vulnerable to SQL injections. The problem affects all Contao versions as of Contao 4.1 and has been fixed in Contao 4.4.39 and 4.7.5.
Security update on April 30th, 2019
On April 30th, 2019, we will release an update for Contao 4.4 and 4.7, which fixes a security vulnerability.
Invalidating opt-in tokens
Date: 2019-04-09
CVE ID: CVE-2019-10643
Confirming an opt-in token does not invalidate previous opt-in tokens. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.
Bypassing the request token check
Date: 2019-04-09
CVE ID: CVE-2019-10642
The request token check can be bypassed. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.