Contao news

Read the official Contao announcements.

by – Security

David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4. The security vulnerability has the identifier CVE-2019-11512.

by – Security

On April 30th, 2019, we will release an update for Contao 4.4 and 4.7, which fixes a security vulnerability.

by – Security

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. The security vulnerability has the identifier CVE-2019-10643.

by – Security

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7. The security vulnerability has the identifier CVE-2019-10642.

by – Security

Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. The security vulnerability has the identifier CVE-2019-10641.

by – Security

On April 9th, 2019, we will release updates for Contao 3.5, 4.4 and 4.7, which fix several security vulnerabilities.

by – Current issue

Every year, the Contao Core development team meets twice for a short code sprint of three days.

by – Announcement

Contao version 4.7.0 is available. The release contains new features such as native fonts in the back end, drag and drop in the template editor, an opt-in service, an improved front end preview bar, additional SEO settings for news and events and a lot more.

by – Security

CVE-2018-20028 identifies a security vulnerability in Contao that allows logged-in back end users to view records that have not been enabled for them.

by – Announcement

Contao Manager version 1.1.0 is available. The release contains a new System Recovery feature, advanced installation options and improved package search results.