./www/contao35, Contao Open Source CMS 3.5.37


Branch: CURRENT, Version: 3.5.37, Package name: php71-contao35-3.5.37, Maintainer: taca

Contao is an Open Source Content Management Framework developed by Leo Feyer
and distributed under the LGPL license (see GPL.txt and LGPL.txt for more
information). It was formerly known as TYPOlight Open Source CMS.

Its open architecture allows everybody to extend the system to fit his
needs. Contao specializes in accessible websites and is accessible
itself (front end and back end), rendering valid HTML5 or XHTML pages.

This is version 3.5 stable, LTS (Long Term Support) release.

Required to run:
[www/php-curl] [graphics/php-gd] [archivers/php-zlib] [shells/bash] [converters/php-mbstring] [databases/php-mysqli] [net/php-soap] [security/php-pecl-mcrypt]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 9a25b2d4b63c8ac41d7284c16d0650755f7df762
RMD160: 4d6f6a5583051d2e3e88294561160b6a559ad839
Filesize: 10940.507 KB


CVS history:


   2018-12-15 17:42:19 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.37

Version 3.5.37 (2018-12-13)
---------------------------

### Fixed
Prevent information disclosure in the back end (see CVE-2018-20028).

   2018-09-18 17:10:58 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.36

Version 3.5.36 (2018-09-18)
---------------------------

### Fixed
Prevent arbitrary code execution through .phar files (see CVE-2018-17057).

### Fixed
Correctly reset the autologin data upon logout (#8868).

### Fixed
Remove support for deprecated user password hashes (see #8889).

   2018-04-23 16:00:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.35

Version 3.5.35 (2018-04-18)
---------------------------

### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).

CVE-2018-10125

With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log.  The attacker themselves
does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.

   2018-03-06 17:25:39 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.34

Version 3.5.34 (2018-03-06)
---------------------------

### Fixed
Check the registry for table prefixed queries (see contao/core-bundle#1161).

### Fixed
Improve the folder hashing performance (see #8856).

### Fixed
Reset the autologin hash if the username or password changes (see #8843).

### Fixed
Correctly encode the sitemap URLs (see #8849).

   2018-01-22 17:11:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.33

Contao 3.5.33 is available			2018/01/22 10:08 by Leo Feyer

Contao version 3.5.33 is available.  The bugfix release restores the PHP 5.4
compatibility and fixes problems with MariaDB 10.2.4+ and MySQL 8.

PHP 5.4

Even if Contao 3.5 still supports PHP 5.4, we strongly advise against using
outdated PHP versions.  Contao 3.5 is compatible with the latest PHP versions,
therefore – if the installed extensions allow it – you should run it with PHP
7 or at least PHP 5.6.

Identifier Quoting

We have revised identifier quoting, which we had added to Contao 4.4.10, and
ported it to Contao 3, so Contao 3.5 should be compatible with MariaDB 10.2.4+
and MySQL 8 now.

   2018-01-18 17:13:31 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.32

Contao 3.5.32 is available		2018/01/18 09:48 by Leo Feyer

Contao version 3.5.32 is available. The bugfix release fixes an XSS
vulnerability in the newsletter extension (CVE-2018-5478).

CVE-2018-5478

The vulnerability is in the "unsubscribe" module of the newsletter extension
and can easily be exploited by anyone in the front end. We therefore strongly
recommend you to update.

The problem affects Contao 2.0.0 to 3.5.31 and the Contao newsletter bundle
4.0.0 to 4.0.3.

If you are not using the newsletter extension or the "unsubscribe" module,
your installation is not affected by the vulnerability.

   2017-11-15 15:07:53 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update contao35 to 3.5.31.

Version 3.5.31 (2017-11-15)
---------------------------

### Fixed
Prevent SQL injections in the back end search panel (see CVE-2017-16558).

   2017-10-07 15:01:17 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: Update to 3.5.30.

Version 3.5.30 (2017-10-06)
---------------------------

### Fixed
Filter multi-day events outside the scope in the event list (see #8792).

### Fixed
Correctly show multi-day events if the shortened view is disabled (see #8782).