Contao news
Read the official Contao announcements.
Contao 3.2.19 is available
by Leo Feyer – Announcements
Contao version 3.2.19 is available. The bugfix release fixes a directory traversal vulnerability discovered by Arnaud Buchoux of Orange Consulting (see CVE-2015-0269).
The vulnerability allows logged in back end users to view files which are outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content. Upgrading is still highly recommended.
Also see: GitHub tickets | GitHub compare view | Contao changelog | Release overview
Comments
Add a comment