News about Contao

Read the official Contao announcements.

Contao 3.2.7 is available

by Leo Feyer

Contao version 3.2.7 is available. The bugfix release fixes more security holes related to the PHP object injection vulnerability, which was discovered in Contao in February, 2014.

Please be assured that we are not releasing updates for the sake of releasing updates. A number of well-known Contao developers have spend several hours together to find an optimal compromise between security and backwards compatibility. Unfortunately, the attack scenario is rather complex, so new ways to exploit the vulnerability kept appearing. We have now chosen a very restrictive hardening approach which hopefully solves the problem.

Also see: GitHub compare view | Contao changelog | Release overview

Back to news overview.

Add a comment

Books and videos