This repository has been archived by the owner on Nov 3, 2023. It is now read-only.
Releases: contao/core
Releases · contao/core
3.5.40
Fixed
Fix the save callback in the back end password module (see #429 ).
3.5.39
Fixed
Invalidate the user sessions if a password changes (see CVE-2019-10641 ).
3.5.38
Fixed
Correctly check the permission to move child records as non-admin user.
3.5.36
Fixed
Prevent arbitrary code execution through .phar files (see CVE-2018-17057 ).
Correctly reset the autologin data upon logout (#8868 ).
Remove support for deprecated user password hashes (see #8889 ).
3.5.34
Fixed
Check the registry for table prefixed queries (see contao/core-bundle#1161 ).
Improve the folder hashing performance (see #8856 ).
Reset the autologin hash if the username or password changes (see #8843 ).
Correctly encode the sitemap URLs (see #8849 ).
3.5.33
Fixed
Also pass $this in the "customizeSearch" hook (see #8841 ).
Quote reserved words in database queries (see #8813 ).
Require ircmaxell/password-compat to remain compatible with PHP 5.4.
3.5.32
Fixed
Fix an XSS vulnerability in the newsletter module (see CVE-2018-5478 ).
Do not remove old subscriptions not related to the channels (see #8824 ).
Backport the password algorithm changes from Contao 4 (see #8820 ).
3.5.31
Fixed
Prevent SQL injections in the back end search panel (see CVE-2017-16558 ).
You can’t perform that action at this time.
