Date: 2019-04-09
CVE ID: CVE-2019-10641
User sessions are not invalidated if a user changes their password. The problem affects all Contao versions and has been fixed in Contao 3.5.39, 4.4.37 and 4.7.3.


Read more about 'Session invalidation upon password changes'...