Contao news

Read the official Contao announcements.

Contao 4.4.18 is available

by Leo Feyer – Announcements

Contao version 4.4.18 is available. The bugfix release fixes an XSS vulnerability in the system log of the back end (CVE-2018-10125).


With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker themselves does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to 4.5.7. We highly recommend you to update.

Also see: Core tickets | Version comparison | Core change log | Release overview

Show all news


Add a comment

Please calculate 3 plus 8.