./www/contao35, Contao Open Source CMS 3.5.35

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.5.35, Package name: php71-contao35-3.5.35, Maintainer: taca

Contao is an Open Source Content Management Framework developed by Leo Feyer
and distributed under the LGPL license (see GPL.txt and LGPL.txt for more
information). It was formerly known as TYPOlight Open Source CMS.

Its open architecture allows everybody to extend the system to fit his
needs. Contao specializes in accessible websites and is accessbile
itself (front end and back end), rendering valid HTML5 or XHTML pages.

This is version 3.5 stable, LTS (Long Term Support) release.

DEINSTALL [+/-]

Required to run:
[www/php-curl] [graphics/php-gd] [archivers/php-zlib] [shells/bash] [converters/php-mbstring] [databases/php-mysqli] [net/php-soap] [security/php-pecl-mcrypt]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 398499e9e817e3f207a445135c654b7802e02a54
RMD160: 44ce17190a219f85740a490a8599e2edb5db9111
Filesize: 10940.914 KB

Version history: (Expand)


CVS history: (Expand)


   2018-04-23 16:00:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.35

Version 3.5.35 (2018-04-18)
---------------------------

### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).

CVE-2018-10125

With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log.  The attacker themselves
does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
   2018-03-06 17:25:39 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.34

Version 3.5.34 (2018-03-06)
---------------------------

### Fixed
Check the registry for table prefixed queries (see contao/core-bundle#1161).

### Fixed
Improve the folder hashing performance (see #8856).

### Fixed
Reset the autologin hash if the username or password changes (see #8843).

### Fixed
Correctly encode the sitemap URLs (see #8849).
   2018-01-22 17:11:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.33

Contao 3.5.33 is available			2018/01/22 10:08 by Leo Feyer

Contao version 3.5.33 is available.  The bugfix release restores the PHP 5.4
compatibility and fixes problems with MariaDB 10.2.4+ and MySQL 8.

PHP 5.4

Even if Contao 3.5 still supports PHP 5.4, we strongly advise against using
outdated PHP versions.  Contao 3.5 is compatible with the latest PHP versions,
therefore – if the installed extensions allow it – you should run it with PHP
7 or at least PHP 5.6.

Identifier Quoting

We have revised identifier quoting, which we had added to Contao 4.4.10, and
ported it to Contao 3, so Contao 3.5 should be compatible with MariaDB 10.2.4+
and MySQL 8 now.
   2018-01-18 17:13:31 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.32

Contao 3.5.32 is available		2018/01/18 09:48 by Leo Feyer

Contao version 3.5.32 is available. The bugfix release fixes an XSS
vulnerability in the newsletter extension (CVE-2018-5478).

CVE-2018-5478

The vulnerability is in the "unsubscribe" module of the newsletter \ 
extension
and can easily be exploited by anyone in the front end. We therefore strongly
recommend you to update.

The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle
4.0.0 to 4.0.3.

If you are not using the newsletter extension or the "unsubscribe" module,
your installation is not affected by the vulnerability.
   2017-11-15 15:07:53 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update contaoet to 3.5.31.

Version 3.5.31 (2017-11-15)
---------------------------

### Fixed
Prevent SQL injections in the back end search panel (see CVE-2017-16558).
   2017-10-07 15:01:17 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: Update to 3.5.30.

Version 3.5.30 (2017-10-06)
---------------------------

### Fixed
Filter multi-day events outside the scope in the event list (see #8792).

### Fixed
Correctly show multi-day events if the shortened view is disabled (see #8782).
   2017-09-28 14:46:25 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.29

Version 3.5.29 (2017-09-27)
---------------------------

### Fixed
Correctly handle unencoded data images in the Combiner (see #8788).

### Fixed
Correctly show multi-day events if the shortened view is disabled (see #8782).

### Fixed
Do not add a suffix when copying if the "doNotCopy" flag is set (see \ 
#8610).

### Fixed
Use the module type as group header if sorted by type (see #8402).

### Fixed
Always show the "show from" and "show until" fields (see #8766).

### Fixed
Encode the username when opening the front end preview as a member (see #8762).
   2017-09-11 18:08:41 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Make bash dependecny to runtime only.