Contao news
Read the official Contao announcements.
Contao 3.5.15 is available
by Leo Feyer – Announcements
Contao version 3.5.15 is available. The bugfix release fixes an XSS security vulnerability in the mediaelement.js plugin.
CVE-2016-4567
A security vulnerability in the software mediaelement.js, which allows to execute arbitrary Javascript code in Chrome, has been reported under the ID CVE-2016-4567. The security vulnerability can be exploited as part of an XSS attack, therefore updating to Contao 3.5.15 is recommended.
If you cannot update Contao, you should at least update the mediaelement.js plugin, which is located in the assets/jquery/mediaelement
folder. The security vulnerability has been fixed in version 2.21.1.
Also see: GitHub tickets | GitHub compare view | Contao changelog | Release overview
Comments
Add a comment