Contao news

Read the official Contao announcements.

Contao 3.5.15 is available

by Leo Feyer – Announcements

Contao version 3.5.15 is available. The bugfix release fixes an XSS security vulnerability in the mediaelement.js plugin.

CVE-2016-4567

A security vulnerability in the software mediaelement.js, which allows to execute arbitrary Javascript code in Chrome, has been reported under the ID CVE-2016-4567. The security vulnerability can be exploited as part of an XSS attack, therefore updating to Contao 3.5.15 is recommended.

If you cannot update Contao, you should at least update the mediaelement.js plugin, which is located in the assets/jquery/mediaelement folder. The security vulnerability has been fixed in version 2.21.1.

Also see: GitHub tickets | GitHub compare view | Contao changelog | Release overview

Show all news

Comments

Add a comment

Please add 7 and 6.

News archive

Subscribe