Contao news

Read the official Contao announcements.

Contao 3.4.4 is available

by

Contao version 3.4.4 is available. The bugfix release fixes a directory traversal vulnerability discovered by Arnaud Buchoux of Orange Consulting (see CVE-2015-0269).

The vulnerability allows logged in back end users to view files which are outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content. Upgrading is still highly recommended.

Also see: GitHub tickets | GitHub compare view | Contao changelog | Release overview

Back to news overview.

Comments

Add a comment

What is the sum of 2 and 1?