Contao news

Read the official Contao announcements.

Contao 3.5.35 is available

by Leo Feyer – Announcements

Contao version 3.5.35 is available. The bugfix release fixes an XSS vulnerability in the system log of the back end (CVE-2018-10125).

CVE-2018-10125

With a manipulated request, an attacker can implant a script that is executed when a logged-in back end user opens the system log. The attacker themselves does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to 4.5.7. We highly recommend that you update.
