Unfortunately, there is now an exploit for the potential PHP object injection vulnerability, which we have prophylactically fixed with the latest updates to Contao 3.2.5 and 2.11.14.
Read more about 'Major security hole found in Contao'...
Unfortunately, there is now an exploit for the potential PHP object injection vulnerability, which we have prophylactically fixed with the latest updates to Contao 3.2.5 and 2.11.14.
Read more about 'Major security hole found in Contao'...
Is this in all versions of Contao dating back to the first release? or are there some versions it doesn't affect?
Yes, unfortunately all versions prior to 3.2.6 and 2.11.15 are affected.
Fortunately, the guys from the Contao Community Alliance (CCA) have provided patch files even for older Contao versions. Stay tuned for the upcoming new patch files that will cope with the latest security hole which was found today.
Last edited by xchs; 02/12/2014 at 21:25.
Contao Community Moderator
→ Support options
Bookmarks