Contao Manager 1.2.0 available

Just in time for the Contao Conference 2019 in Duisburg (Germany), the Contao Manager version 1.2.0 was released. As expected, this version contains many new and interesting features.

Recap of the second Contao Core Developers Meeting 2019

Every year, the Contao Core development team meets twice for a short code sprint of three days.

Contao Two Month Review July and August 2019

There are some exciting prospects ahead - and not just in retrospect.

Contao 4.8.0 is available

Contao version 4.8.0 is available. The release contains new features such as deferred image resizing, 2-factor authentication in the front end, splash screens for YouTube and Vimeo videos, service tagging with annotations and a lot more.

Contao Two Month Review May and June 2019

Over the last week of June, the thermometers were reading high all over Europe. Meteorologists nationwide agreed that the heat could break records.

Updates regarding Contao 3 and Slack

On 31 May 2019 the LTS period of Contao 3.5 expired. In this article I'll summarize what exactly that means. We have also decided to open our Slack workspace to everyone as an alternative to IRC which is not widely used in business.

SQL injection in the file manager

Date: 2019-04-30
CVE ID: CVE-2019-11512

The search menu of the file manager is vulnerable to SQL injections. The problem affects all Contao versions as of Contao 4.1 and has been fixed in Contao 4.4.39 and 4.7.5.

Security update on April 30th, 2019

On April 30th, 2019, we will release an update for Contao 4.4 and 4.7, which fixes a security vulnerability.

Invalidating opt-in tokens

Date: 2019-04-09
CVE ID: CVE-2019-10643

Confirming an opt-in token does not invalidate previous opt-in tokens. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.

Bypassing the request token check

Date: 2019-04-09
CVE ID: CVE-2019-10642

The request token check can be bypassed. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.