Read the official Contao announcements.
Contao 4.6.0 is available
by Leo Feyer – Announcements
Contao version 4.6.0 is available. The release contains new features such as 2-factor authentication in the back end, drag and drop in the file manager, extended video support and automatic cache invalidation.
2-factor authentication #1545
To further increase the security in the back end, Dave has implemented a 2-factor authentication, which you can use with any TOTP software such as 1password or the Google authenticator. Enabling 2-factor authentication is optional by default, however it can be enforced for all back end users by adjusting the
Drag and drop in the file manager #1394
To improve the UX in the file manager, Martin has implemented drag and drop. It is now not only possible to resort files and folders via drag and drop, but also to upload files and even whole folders by simply dragging them into the file manager.
Extended video support #1348
Nicky and Chris have enhanced the video support by adding all missing settings that are supported by Youtube and Vimeo. It is now also possible to embed videos responsively by only specifying an aspect ratio instead of fixed dimensions.
Cache invalidation #1478
Thanks to Yanick's untiring commitment, we can finally tag pages in the cache and invalidate them if something changes in the back end. If for example a new is edited in the back end, all pages in the cache containing the news are invalidated automatically – both in the news list and the news reader.
Tagging is enabled by default, so you can theoretically configure a one year cache timeout in the site structure.
Meta data for downloads #1459
Analogous to the image elements, the download element now also uses the meta data from the file manager for the text and title of the link. If necessary, the meta data can be overwritten per element.
Page "error 401" #1381
Regarding protected pages, Contao 4.6 distinguishes between the two cases "user is not authenticated" (error 401) and "user is authenticated but does not have the necessary access permissions" (error 403). Previously, the "error 403" page had been loaded in both cases.
Attention! When upgrading an existing installation to Contao 4.5, all "error 403" pages are converted to "error 401" pages automatically to not break the automatic login screen redirect.
Versioning via manifest.json #1510
Thanks to Andreas, Contao 4.6 supports versioning assest with a
manifest.json files as e.g. generated by Symfony Encore. If a bundle contains such a file in its
src/Resources/public folder, it will be loaded automatically.
Abstract fragment controllers #1376
To simplify generating fragments, Andreas has added abstract fragment controllers which you can extend in your own fragment controllers. There is one controller for content elements and one for frontend modules.
Purging unconfirmed registrations #1512
In compliance with the GDPR, Contao 4.6 automatically purges unconfirmed registrations (members) and unconfirmed subscriptions (newsletters, comments) after 24 hours. The opt-in mail text has been adjusted accordingly.
Translator insert tag #1400
In order to being able to use the Translator, which has been added in Contao 4.5, in insert tags, too, Andreas has implemented the
trans::key insert tag. You can also specify a message domain:
Marking duplicated records #586
$GLOBALS['TL_DCA'][$table]['config']['markAsCopy'] = $field; you can now specify which field will get the "(copy)" suffix when a record is duplicated.
As announced in Rückblick auf das zweite Core-Entwicklertreffen 2018, we now have a monorepo thanks to Martin, in which we maintain the contao bundles from now on. Please create all future issue reports and pull requests only in the contao/contao repository instead of in the split repositories.
Existing issue reports and pull requests do not have to be recreated.
And much more
An overview of the other changes is available in the change log.
As recommended in the Symfony best-practices, Contao 4.6 no longer depends on
symfony/symfony but on the single components such as
symfony/http-kernel. However, exinsting installations, which already contain
symfony/symfony, will keep the package unless you delete the folder
vendor/symfony/symfony before the upgrade (optional).