Read the official Contao announcements.
Contao 3.2.6 is available
by Leo Feyer
Contao version 3.2.6 is available. The bugfix release fixes another security hole related to the PHP object injection vulnerability, which was still exploitable in the Contao back end in version 3.2.5.
The new patch is based on a general hardening of the
deserialize() function and thus not only secures the core but also potentially affected third-party extensions. The update is highly recommended!
Back to the news overview.