Contao version 3.3.beta1 is available. Please do not use beta versions for productional websites! Download the release to check whether your website or custom extension needs adaptation.

Contao version 3.2.9 is available. The bugfix release fixes a critical security hole in the install tool, which allows to execute arbitrary code on the server.

Contao version 2.11.17 is available. The bugfix release fixes a critical security hole in the install tool, which allows to execute arbitrary code on the server.

This afternoon, a new security hole has been found in Contao and unfortunately, it has been published right away instead of giving us a heads up and time to release a patch.

Contao version 3.2.8 is available. The bugfix release fixes several minor problems, e.g. the broken "continuous" support of the content element slider or the sorting of the elements of the page/filetree widget in "edit multiple" mode.

Contao version 3.2.7 is available. The bugfix release fixes more security holes related to the PHP object injection vulnerability, which was discovered in Contao in February, 2014.

Contao version 2.11.16 is available. The bugfix release fixes more security holes related to the PHP object injection vulnerability, which was discovered in Contao in February, 2014.

Contao version 3.2.6 is available. The bugfix release fixes another security hole related to the PHP object injection vulnerability, which was still exploitable in the Contao back end in version 3.2.5.

Contao version 2.11.15 is available. The bugfix release fixes another security hole related to the PHP object injection vulnerability, which was still exploitable in the Contao back end in version 2.11.14.

Unfortunately, there is now an exploit for the potential PHP object injection vulnerability, which we have prophylactically fixed with the latest updates to Contao 3.2.5 and 2.11.14.