Skip to content
This repository has been archived by the owner. It is now read-only.

@leofeyer leofeyer released this Apr 11, 2019 · 1 commit to 3.5 since this release

Fixed

  • Fix the save callback in the back end password module (see #429).
Assets 4

@leofeyer leofeyer released this Apr 9, 2019 · 2 commits to 3.5 since this release

Fixed

  • Invalidate the user sessions if a password changes (see CVE-2019-10641).
Assets 4

@leofeyer leofeyer released this Dec 21, 2018 · 4 commits to 3.5 since this release

Fixed

  • Correctly check the permission to move child records as non-admin user.
Assets 4

@leofeyer leofeyer released this Dec 13, 2018 · 6 commits to 3.5 since this release

Fixed

  • Prevent information disclosure in the back end (see CVE-2018-20028).
Assets 4

@leofeyer leofeyer released this Sep 18, 2018 · 8 commits to 3.5 since this release

Fixed

  • Prevent arbitrary code execution through .phar files (see CVE-2018-17057).
  • Correctly reset the autologin data upon logout (#8868).
  • Remove support for deprecated user password hashes (see #8889).
Assets 4

@leofeyer leofeyer released this Apr 18, 2018 · 15 commits to 3.5 since this release

Assets 4

@leofeyer leofeyer released this Mar 6, 2018 · 19 commits to 3.5 since this release

Fixed

  • Check the registry for table prefixed queries (see contao/core-bundle#1161).
  • Improve the folder hashing performance (see #8856).
  • Reset the autologin hash if the username or password changes (see #8843).
  • Correctly encode the sitemap URLs (see #8849).
Assets 4

@leofeyer leofeyer released this Jan 22, 2018 · 31 commits to 3.5 since this release

Fixed

  • Also pass $this in the "customizeSearch" hook (see #8841).
  • Quote reserved words in database queries (see #8813).
  • Require ircmaxell/password-compat to remain compatible with PHP 5.4.
Assets 4

@leofeyer leofeyer released this Jan 18, 2018 · 40 commits to 3.5 since this release

Fixed

  • Fix an XSS vulnerability in the newsletter module (see CVE-2018-5478).
  • Do not remove old subscriptions not related to the channels (see #8824).
  • Backport the password algorithm changes from Contao 4 (see #8820).
Assets 4

@leofeyer leofeyer released this Nov 15, 2017

Fixed

  • Prevent SQL injections in the back end search panel (see CVE-2017-16558).
Assets 4
You can’t perform that action at this time.