Contao news

Read the official Contao announcements.

Contao 3.2.19 is available

by Leo Feyer – Announcements

Contao version 3.2.19 is available. The bugfix release fixes a directory traversal vulnerability discovered by Arnaud Buchoux of Orange Consulting (see CVE-2015-0269).

The vulnerability allows logged in back end users to view files which are outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content. Upgrading is still highly recommended.

Also see: GitHub tickets | GitHub compare view | Contao changelog | Release overview

Show all news


Add a comment

Please add 7 and 8.