News about Contao

Read the official Contao announcements.

Contao 3.5.36 is available

Contao version 3.5.36 is available. The bugfix release fixes a code execution vulnerability when generating PDFs (CVE-2018-17057).

CVE-2018-17057

Using a manipulated image file, a logged-in back end user can implant arbitrary code that is executed when an article is exported as PDF in the front end. The vulnerability is in the external TCPDF library and has been fixed in TCPDF 6.2.22.
