Contao 3.5.32 is available

Contao version 3.5.32 is available. The bugfix release fixes an XSS vulnerability in the newsletter extension (CVE-2018-5478).

CVE-2018-5478

The vulnerability is in the "unsubscribe" module of the newsletter extension and can easily be exploited by anyone in the front end. We therefore strongly recommend that you update.

The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle 4.0.0 to 4.0.3.

If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.
