by Leo Feyer
Contao 4.4.46 and 4.8.6 are available

Contao 4.4.46 and 4.8.6 are available. The releases fix the security vulnerabilities CVE-2019-19745, CVE-2019-19712 and CVE-2019-19714.
Release notes
To fully mitigate the vulnerability CVE-2019-19745, you have to examine the existing file upload fields in the form generator. If there is an upload field with a forbidden file extension, you have to assume that your installation has been compromised. In this case, review the uploaded files carefully, check the user permissions and look for suspicious log entries.
Add a comment