Skip to content
This repository has been archived by the owner. It is now read-only.

Releases: contao/core

3.5.40

Compare
Choose a tag to compare

Fixed

  • Fix the save callback in the back end password module (see #429).

3.5.39

Compare
Choose a tag to compare

Fixed

  • Invalidate the user sessions if a password changes (see CVE-2019-10641).

3.5.38

Compare
Choose a tag to compare

Fixed

  • Correctly check the permission to move child records as non-admin user.

3.5.37

Compare
Choose a tag to compare

Fixed

  • Prevent information disclosure in the back end (see CVE-2018-20028).

3.5.36

Compare
Choose a tag to compare

Fixed

  • Prevent arbitrary code execution through .phar files (see CVE-2018-17057).
  • Correctly reset the autologin data upon logout (#8868).
  • Remove support for deprecated user password hashes (see #8889).

3.5.35

Compare
Choose a tag to compare

3.5.34

Compare
Choose a tag to compare

Fixed

  • Check the registry for table prefixed queries (see contao/core-bundle#1161).
  • Improve the folder hashing performance (see #8856).
  • Reset the autologin hash if the username or password changes (see #8843).
  • Correctly encode the sitemap URLs (see #8849).

3.5.33

Compare
Choose a tag to compare

Fixed

  • Also pass $this in the "customizeSearch" hook (see #8841).
  • Quote reserved words in database queries (see #8813).
  • Require ircmaxell/password-compat to remain compatible with PHP 5.4.

3.5.32

Compare
Choose a tag to compare

Fixed

  • Fix an XSS vulnerability in the newsletter module (see CVE-2018-5478).
  • Do not remove old subscriptions not related to the channels (see #8824).
  • Backport the password algorithm changes from Contao 4 (see #8820).

3.5.31

Compare
Choose a tag to compare

Fixed

  • Prevent SQL injections in the back end search panel (see CVE-2017-16558).