Contao news

Read the official Contao announcements.

Contao 3.5.32 is available

by Leo Feyer – Announcements

Contao version 3.5.32 is available. The bugfix release fixes an XSS vulnerability in the newsletter extension (CVE-2018-5478).


The vulnerability is in the "unsubscribe" module of the newsletter extension and can easily be exploited by anyone in the front end. We therefore strongly recommend you to update.

The problem affects Contao 2.0.0 to 3.5.31.

If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.

Also see: Tickets | Version comparison | Change log | Release overview

Show all news


Add a comment

What is the sum of 2 and 1?