Contao news
Read the official Contao announcements.
Contao 4.4.46 and 4.8.6 are available
by Leo Feyer – Announcements
Contao 4.4.46 and 4.8.6 are available. The releases fix the security vulnerabilities CVE-2019-19745, CVE-2019-19712 and CVE-2019-19714.
Release notes
To fully mitigate the vulnerability CVE-2019-19745, you have to examine the existing file upload fields in the form generator. If there is an upload field with a forbidden file extension, you have to assume that your installation has been compromised. In this case, review the uploaded files carefully, check the user permissions and look for suspicious log entries.
Comments
Add a comment