3.5.34

@leofeyer released this Mar 6, 2018 · 5 commits to 3.5 since this release

Fixed

  • Check the registry for table-prefixed queries (see contao/core-bundle#1161).
  • Improve the folder hashing performance (see #8856).
  • Reset the autologin hash if the username or password changes (see #8843).
  • Correctly encode the sitemap URLs (see #8849).

3.5.33

@leofeyer released this Jan 22, 2018 · 17 commits to 3.5 since this release

Fixed

  • Also pass $this in the "customizeSearch" hook (see #8841).
  • Quote reserved words in database queries (see #8813).
  • Require ircmaxell/password-compat to remain compatible with PHP 5.4.

3.5.32

@leofeyer released this Jan 18, 2018 · 26 commits to 3.5 since this release

Fixed

  • Fix an XSS vulnerability in the newsletter module (see CVE-2018-5478).
  • Do not remove old subscriptions not related to the channels (see #8824).
  • Backport the password algorithm changes from Contao 4 (see #8820).

3.5.31

@leofeyer released this Nov 15, 2017

Fixed

  • Prevent SQL injections in the back end search panel (see CVE-2017-16558).

3.5.30

@leofeyer released this Oct 6, 2017

Fixed

  • Filter multi-day events outside the scope in the event list (see #8792).
  • Correctly show multi-day events if the shortened view is disabled (see #8782).

3.5.29

@leofeyer released this Sep 27, 2017

Fixed

  • Correctly handle unencoded data images in the Combiner (see #8788).
  • Correctly show multi-day events if the shortened view is disabled (see #8782).
  • Do not add a suffix when copying if the "doNotCopy" flag is set (see #8610).
  • Use the module type as group header if sorted by type (see #8402).
  • Always show the "show from" and "show until" fields (see #8766).
  • Encode the username when opening the front end preview as a member (see #8762).

3.5.28

@leofeyer released this Jul 12, 2017

Fixed

  • Prevent arbitrary PHP file inclusions in the back end (see CVE-2017-10993).
  • Improve the accessibility of the CAPTCHA widget (see #8709).
  • Fix the iOS scrolling bug in the simple modal script (see #8708).
  • Correctly cache the unique keys in the SQL cache (see #8712).

3.5.26

@leofeyer released this Apr 20, 2017

Updated

  • Updated the Punycode library to version 2 (see #8693).

Fixed

  • Prevent endless loops in the book navigation module (see #8665).
  • Limit the maximum size of dimensionless SVGs in the back end (see #8684).
  • Correctly handle custom namespaces when combining DCA files (see #8682).
  • Also check the X-Forwarded-Proto header when determining HTTPS (see #8691).
  • Correctly support 64 character template names everywhere (see #6819).
  • Correctly use the en dash in the calendar modules (see #8690).
  • Remove the UTF-8 BOM when combining files (see #8689).
  • Do not add the CORS headers in the install tool (see #8681).
  • Correctly move folders with an "@" in their name (see #8674).
  • Correctly redirect to the last page visited upon login (see #8632).
  • Backport the e-mail extraction improvements (see #8679).