Contao news

Read the official Contao announcements.

Contao 2.11.16 is available


Contao version 2.11.16 is available. The bugfix release fixes more security holes related to the PHP object injection vulnerability, which was discovered in Contao in February, 2014.

Please be assured that we are not releasing updates for the sake of releasing updates. A number of well-known Contao developers have spend several hours together to find an optimal compromise between security and backwards compatibility. Unfortunately, the attack scenario is rather complex, so new ways to exploit the vulnerability kept appearing. We have now chosen a very restrictive hardening approach which hopefully solves the problem.

Back to the news overview.


Comment by jones |

Wow! Nice set of updates this week for contao 2.11 series. We still use it many projects so im glad. ;)

Add a comment

Please add 6 and 2.