
Contao 4.4.8 is available

by Leo Feyer

Contao version 4.4.8 is available. The bugfix release fixes a SQL injection vulnerability in the back end as well as in the listing bundle.

CVE-2017-16558

Both the search filter in the back end and the "listing" module in the front end are vulnerable. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone.

The problem affects Contao 3.0.0 to 3.5.30 and Contao 4.0.0 to 4.4.7.

We strongly recommend updating, especially if you are using the listing bundle.
