Contao news

Read the official Contao announcements.

Contao 3.5.32 is available

by Leo Feyer – Announcements

Contao version 3.5.32 is available. The bugfix release fixes an XSS vulnerability in the newsletter extension (CVE-2018-5478).

CVE-2018-5478

The vulnerability is in the "unsubscribe" module of the newsletter extension and can easily be exploited by anyone in the front end. We therefore strongly recommend you to update.

The problem affects Contao 2.0.0 to 3.5.31.

If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.

Also see: Tickets | Version comparison | Change log | Release overview

Show all news

Comments

Add a comment

Please calculate 4 plus 2.