Search:

On Thursday, May 5th, 2022, we will release a security update for Contao 4.13.


Read more about 'Security update on May 5th, 2022'...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the first Contao Core Developers Meeting 2022'...

On February 17, the latest version of Contao Manager was released to allow the installation of Contao 4.13 LTS. Now it's time to examine on the new features.


Read more about 'Contao Manager 1.5...

The Contao partner program has existed in its current form since 2011. To better meet today's requirements, there will be some long-awaited adjustments this year.


Read more about 'Adjustment of...

Contao version 4.13.0 is available. The release includes new features like layouts for subpages, front end preview links, canonical URLs, preview images for documents, database backups via command,...

Today we take a look back - this time not on the last two months, but on the entire year of Contao in 2021.


Read more about 'Contao Two Month Review November and December 2021'...

Composer gets faster, way faster. How Yanick, Jordi and Nils managed to achieve this and how any of it is related to 30 soccer fields full of trees.


Read more about 'Composer and Contao for the...

In this short article, we will spend our time with a deep dive into the Contao universe.


Read more about 'Contao Two Month Review September and October 2021'...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the first Contao Core Developers Meeting 2021'...

In August we welcomed a new Contao version.


Read more about 'Contao Two Month Review July and August 2021'...

Contao version 4.12.0 is available. The release includes new features such as extended locale IDs, a guests group, an improved Markdown element, centralized JSON+LD management, support for Twig...

On Wednesday, August 11th, 2021, we will release security updates for Contao 4.4, 4.9 and 4.11.


Read more about 'Security updates on August 11th, 2021'...

All we did was hack away at the keyboard, but we had the stamina to run two marathons.


Read more about 'Contao Two Month Review May and June 2021'...

Contao 4.9.16 and 4.11.5 are available. The releases fix the security vulnerability CVE-2021-35210.


Read more about 'Contao 4.9.16 and 4.11.5 are available'...

Contao 4.9.15 and 4.11.4 gained a new HTTP header to block Google's new ad tracking method called Federated Learning of Cohorts.


Read more about 'Contao joins the fight against Google's FLoC'...

On Wednesday, September 23rd, 2021, we will release a security update for Contao 4.9 and 4.11. Contao 4.4 is not affected by the security vulnerability.


Read more about 'Security update on June...

In the last two months, many TV shows were produced and broadcast. We also popped some corks.


Read more about 'Contao Two Month Review March and April 2021'...

Let us polish the English user manual a bit!


Read more about 'English user manual hackathon'...

Free software is "'free' as in 'free speech,' not as in 'free beer'". Become a sponsor to support Contao finnacially.


Read more about 'Launching GitHub Sponsors for Contao'...

Lots of new things in the new year and even more tried and tested things.


Read more about 'Contao Two Month Review January and February 2021'...

Contao version 4.11.0 is available. The release includes new features such as PHP 8 and Symfony 5 support, dynamic XML sitemaps, a simplified way to customize the back end, a new "figure" insert tag,...

Roughly four months have passed since the last major update of the Contao Manager. With version 1.4 we expect to bring you a big performance boost.


Read more about 'Contao Manager 1.4'...

In this review, we look back at the last two months as well as the entire last year. Sit back and review the past year in Contao news.


Read more about 'Contao Two Month Review November and...

There is nothing like a well maintained system.


Read more about 'Contao Two Month Review September and October 2020'...

There is nothing like a well maintained system.


Read more about 'Contao Two Month Review September und October 2020'...

Contao 4.4.52, 4.9.6 and 4.10.1 are available. The releases fix the security vulnerability CVE-2020-25768.


Read more about 'Contao 4.4.52, 4.9.6 and 4.10.1 are available'...

We're happy to announce the immediate availability of Contao Manager version 1.3.0. Improvements for installation and update will simplify the maintenance of Contao.


Read more about 'Contao...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the second Contao Core Developers Meeting 2020'...

On September 24th, 2020, we will release an update for Contao 4.4, 4.9 and 4.10 which fixes a security vulnerability.


Read more about 'Security update on September 24th, 2020'...

In the past two months, we have been working hard to continue the success story of Contao.


Read more about 'Contao Two Month Review July and August 2020'...

Contao version 4.10.0 is available. The release contains new features such as an improved routing, mailer transports, enhanced simple tokens, featured events, an improved search, new insert tags, a...

Last November we announced the new Contao documentation and it's time to say a few words about it and hopefully get more contributors on board.


Read more about 'The state of the documentation'...

A very nice day, we welcome you to our new TV program and wish you excellent reception.


Read more about 'Contao Two Month Review May and June 2020'...

The world stands still, and yet - or perhaps because of it - a lot has happened in the Contao environment.


Read more about 'Contao Two Month Review March and April 2020'...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the first Contao Core Developers Meeting 2020'...

What lasts long, finally gets better.


Read more about 'Contao Two Month Review January and February 2020'...

Contao version 4.9.0 is available. The release contains new features such as a crawler, a SERP widget, dynamic favicon.ico and robots.txt files, image lazy loading, backup codes and trusted devices...

It was an eventful year for Contao in all respects, and we quietly bid it farewell.


Read more about 'Contao Two Month Review November and December 2019'...

Contao 4.4.46 and 4.8.6 are available. The releases fix the security vulnerabilities CVE-2019-19745, CVE-2019-19712 and CVE-2019-19714.


Read more about 'Contao 4.4.46 and 4.8.6 are available'...

On December 17th, 2019, we will release security updates for Contao 4.4 and 4.8.


Read more about 'Security update on December 17th, 2019'...

Autumn is here and with it comes the beautiful colors of the leaves in the forest. But, with each new version, Contao gets an even more colorful set of enhancements.


Read more about 'Contao Two...

Just in time for the Contao Conference 2019 in Duisburg (Germany), the Contao Manager version 1.2.0 was released. As expected, this version contains many new and interesting features.


Read more...

Every year, the Contao Core development team meets twice for a short code sprint of three days.



Read more about 'Recap of the second Contao Core Developers Meeting 2019'...

There are some exciting prospects ahead - and not just in retrospect.


Read more about 'Contao Two Month Review July and August 2019'...

Date: 2019-04-09
CVE ID: CVE-2019-10642
The request token check can be bypassed. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.


Read more about 'Bypassing the request...

Date: 2019-04-09
CVE ID: CVE-2019-10643
Confirming an opt-in token does not invalidate previous opt-in tokens. The problem affects Contao 4.7 and has been fixed in Contao 4.7.3.


Read more...

Date: 2019-04-30
CVE ID: CVE-2019-11512
The search menu of the file manager is vulnerable to SQL injections. The problem affects all Contao versions as of Contao 4.1 and has been fixed in Contao...

Date: 2019-04-09
CVE ID: CVE-2019-10641
User sessions are not invalidated if a user changes their password. The problem affects all Contao versions and has been fixed in Contao 3.5.39, 4.4.37 and...

Date: 2018-04-18
CVE ID: CVE-2018-10125
The system log is vulnerable to cross site scripting in the back end. The problem affects all Contao versions and has been fixed in Contao 3.5.34, 4.4.17...

Date: 2018-09-18
CVE ID: CVE-2018-17057
A vulnerability in TCPDF allows for arbitrary code execution. The problem affects all Contao versions and has been fixed in Contao 3.5.36, 4.4.25 and 4.6.4....

Date: 2018-12-13
CVE ID: CVE-2018-20028
Logged in back end users can view records which have not been enabled for them. The problem affects all Contao versions and has been fixed in Contao 3.5.37,...

Contao version 4.8.0 is available. The release contains new features such as deferred image resizing, 2-factor authentication in the front end, splash screens for YouTube and Vimeo videos, service...

On 31 May 2019 the LTS period of Contao 3.5 expired. In this article I'll summarize what exactly that means. We have also decided to open our Slack workspace to everyone as an alternative to IRC...

Over the last week of June, the thermometers were reading high all over Europe. Meteorologists nationwide agreed that the heat could break records.


Read more about 'Contao Two Month Review May...

David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4....

On April 30th, 2019, we will release an update for Contao 4.4 and 4.7, which fixes a security vulnerability.


Read more about 'Security update on April 30th, 2019'...

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7. The security vulnerability has the identifier CVE-2019-10642.


Read more about 'Security...

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. The security vulnerability has the identifier CVE-2019-10643.
...

Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. The security vulnerability has the...

On April 9th, 2019, we will release updates for Contao 3.5, 4.4 and 4.7, which fix several security vulnerabilities.


Read more about 'Security update on April 9th, 2019'...