Search:

Lots of new things in the new year and even more tried and tested things.


Read more about 'Contao Two Month Review January and February 2021'...

Contao version 4.11.0 is available. The release includes new features such as PHP 8 and Symfony 5 support, dynamic XML sitemaps, a simplified way to customize the back end, a new "figure" insert tag,...

Roughly four months have passed since the last major update of the Contao Manager. With version 1.4 we expect to bring you a big performance boost.


Read more about 'Contao Manager 1.4'...

In this review, we look back at the last two months as well as the entire last year. Sit back and review the past year in Contao news.


Read more about 'Contao Two Month Review November and...

There is nothing like a well maintained system.


Read more about 'Contao Two Month Review September and October 2020'...

There is nothing like a well maintained system.


Read more about 'Contao Two Month Review September und October 2020'...

Contao 4.4.52, 4.9.6 and 4.10.1 are available. The releases fix the security vulnerability CVE-2020-25768.


Read more about 'Contao 4.4.52, 4.9.6 and 4.10.1 are available'...

We're happy to announce the immediate availability of Contao Manager version 1.3.0. Improvements for installation and update will simplify the maintenance of Contao.


Read more about 'Contao...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the second Contao Core Developers Meeting 2020'...

On September 24th, 2020, we will release an update for Contao 4.4, 4.9 and 4.10 which fixes a security vulnerability.


Read more about 'Security update on September 24th, 2020'...

In the past two months, we have been working hard to continue the success story of Contao.


Read more about 'Contao Two Month Review July and August 2020'...

Contao version 4.10.0 is available. The release contains new features such as an improved routing, mailer transports, enhanced simple tokens, featured events, an improved search, new insert tags, a...

Last November we announced the new Contao documentation and it's time to say a few words about it and hopefully get more contributors on board.


Read more about 'The state of the documentation'...

A very nice day, we welcome you to our new TV program and wish you excellent reception.


Read more about 'Contao Two Month Review May and June 2020'...

The world stands still, and yet - or perhaps because of it - a lot has happened in the Contao environment.


Read more about 'Contao Two Month Review March and April 2020'...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the first Contao Core Developers Meeting 2020'...

What lasts long, finally gets better.


Read more about 'Contao Two Month Review January and February 2020'...

Contao version 4.9.0 is available. The release contains new features such as a crawler, a SERP widget, dynamic favicon.ico and robots.txt files, image lazy loading, backup codes and trusted devices...

It was an eventful year for Contao in all respects, and we quietly bid it farewell.


Read more about 'Contao Two Month Review November and December 2019'...

Contao 4.4.46 and 4.8.6 are available. The releases fix the security vulnerabilities CVE-2019-19745, CVE-2019-19712 and CVE-2019-19714.


Read more about 'Contao 4.4.46 and 4.8.6 are available'...

On December 17th, 2019, we will release security updates for Contao 4.4 and 4.8.


Read more about 'Security update on December 17th, 2019'...

Autumn is here and with it comes the beautiful colors of the leaves in the forest. But, with each new version, Contao gets an even more colorful set of enhancements.


Read more about 'Contao Two...

Just in time for the Contao Conference 2019 in Duisburg (Germany), the Contao Manager version 1.2.0 was released. As expected, this version contains many new and interesting features.


Read more...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the second Contao Core Developers Meeting 2019'...

There are some exciting prospects ahead - and not just in retrospect.


Read more about 'Contao Two Month Review July and August 2019'...

Date: 2019-04-09
CVE ID: CVE-2019-10643
Confirming an opt-in token does not invalidate previous opt-in tokens. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.


Read more...

Date: 2019-04-30
CVE ID: CVE-2019-11512
The search menu of the file manager is vulnerable to SQL injections. The problem affects all Contao versions as of Contao 4.1 and has been fixed in Contao...

Date: 2019-04-09
CVE ID: CVE-2019-10642
The request token check can be bypassed. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.


Read more about 'Bypassing the request...

Date: 2019-04-09
CVE ID: CVE-2019-10641
User sessions are not invalidated if a user changes their password. The problem affects all Contao versions and has been fixed in Contao 3.5.39, 4.4.37 and...

Date: 2018-04-18
CVE ID: CVE-2018-10125
The system log is vulnerable to cross site scripting in the back end. The problem affects all Contao versions and has been fixed in Contao 3.5.34, 4.4.17...

Date: 2018-09-18
CVE ID: CVE-2018-17057
A vulnerability in TCPDF allows for arbitrary code execution. The problem affects all Contao versions and has been fixed in Contao 3.5.36, 4.4.25 and 4.6.4....

Date: 2018-12-13
CVE ID: CVE-2018-20028
Logged in back end users can view records which have not been enabled for them. The problem affects all Contao versions and has been fixed in Contao 3.5.37,...

Contao version 4.8.0 is available. The release contains new features such as deferred image resizing, 2-factor authentication in the front end, splash screens for YouTube and Vimeo videos, service...

On 31 May 2019 the LTS period of Contao 3.5 expired. In this article I'll summarize what exactly that means. We have also decided to open our Slack workspace to everyone as an alternative to IRC...

Over the last week of June, the thermometers were reading high all over Europe. Meteorologists nationwide agreed that the heat could break records.


Read more about 'Contao Two Month Review May...

David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4....

On April 30th, 2019, we will release an update for Contao 4.4 and 4.7, which fixes a security vulnerability.


Read more about 'Security update on April 30th, 2019'...

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7. The security vulnerability has the identifier CVE-2019-10642.


Read more about 'Security...

Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. The security vulnerability has the...

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. The security vulnerability has the identifier CVE-2019-10643.
...

On April 9th, 2019, we will release updates for Contao 3.5, 4.4 and 4.7, which fix several security vulnerabilities.


Read more about 'Security update on April 9th, 2019'...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the first Contao Core Developers Meeting 2019'...

Contao version 4.7.0 is available. The release contains new features such as native fonts in the back end, drag and drop in the template editor, an opt-in service, an improved front end preview bar,...

CVE-2018-20028 identifies a security vulnerability in Contao, which allows logged in back end users to view records that have not been enabled for them.


Read more about 'Security vulnerability...

Contao Manager version 1.1.0 is available. The release contains a new System Recovery feature, advanced installation options and improved package search results.


Read more about 'Contao Manager...

CVE-2018-17057 identifies a security vulnerability in TCPDF, which also affects Contao.


Read more about 'Security vulnerability CVE-2018-17057'...

Contao version 3.5.36 is available. The bugfix release fixes a code execution vulnerability when generating PDFs (CVE-2018-17057).


Read more about 'Contao 3.5.36 is available'...

Contao version 4.6.0 is available. The release contains new features such as 2-factor authentication in the back end, drag and drop in the file manager, extended video support and automatic cache...

Contao version 4.5.10 is available. The bugfix release restores the compatibility with Symfony 3.4.12.


Read more about 'Contao 4.5.10 is available'...

Contao version 4.4.20 is available. The bugfix release restores the compatibility with Symfony 3.4.12.


Read more about 'Contao 4.4.20 is available'...

Contao version 4.5.9 is available. The bugfix release fixes several minor problems and optimizes the RAM usage when generating XML sitemaps.


Read more about 'Contao 4.5.9 is available'...

Contao version 4.4.19 is available. The bugfix release fixes several minor problems and optimizes the RAM usage when generating XML sitemaps.


Read more about 'Contao 4.4.19 is available'...

Contao version 3.5.35 is available. The bugfix release fixes an XSS vulnerability in the system log of the back end (CVE-2018-10125).


Read more about 'Contao 3.5.35 is available'...

Contao version 4.4.18 is available. The bugfix release fixes an XSS vulnerability in the system log of the back end (CVE-2018-10125).


Read more about 'Contao 4.4.18 is available'...

Contao version 4.5.8 is available. The bugfix release fixes an XSS vulnerability in the system log of the back end (CVE-2018-10125).


Read more about 'Contao 4.5.8 is available'...

Contao version 4.4.17 is available. The bugfix release fixes a few minor issues including a problem with rendering custom layout sections.


Read more about 'Contao 4.4.17 is available'...

Contao version 4.5.7 is available. The bugfix release fixes a few minor issues including a problem with validating the request token and a problem with rendering custom layout sections.


Read...

Contao version 4.4.16 is available. The bugfix release fixes a problem with the page picker in TinyMCE.


Read more about 'Contao 4.4.16 is available'...

Contao version 4.5.6 is available. The bugfix release fixes a problem with new installations with InnoDB without large prefixes.


Read more about 'Contao 4.5.6 is available'...

Contao version 4.5.5 is available. The bugfix release fixes problems with using InnoDB without the innodb_large_prefix option.


Read more about 'Contao 4.5.5 is available'...