Contao news

Read the official Contao announcements.

Contao 4.4.46 and 4.8.6 are available

by

Contao 4.4.46 and 4.8.6 are available. The releases fix the security vulnerabilities CVE-2019-19745, CVE-2019-19712 and CVE-2019-19714.

Release notes

To fully mitigate the vulnerability CVE-2019-19745, you have to examine the existing file upload fields in the form generator. If there is an upload field with a forbidden file extension, you have to assume that your installation has been compromised. In this case, review the uploaded files carefully, check the user permissions and look for suspicious log entries.

Back to the news overview.

Comments

Add a comment

Please add 2 and 1.