./www/contao35, Contao Open Source CMS 3.5.40

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.5.40, Package name: php71-contao35-3.5.40, Maintainer: taca

Contao is an Open Source Content Management Framework developed by Leo Feyer
and distributed under the LGPL license (see GPL.txt and LGPL.txt for more
information). It was formerly known as TYPOlight Open Source CMS.

Its open architecture allows everybody to extend the system to fit his
needs. Contao specializes in accessible websites and is accessbile
itself (front end and back end), rendering valid HTML5 or XHTML pages.

This is version 3.5 stable, LTS (Long Term Support) release.

DEINSTALL [+/-]

Required to run:
[www/php-curl] [graphics/php-gd] [archivers/php-zlib] [shells/bash] [converters/php-mbstring] [databases/php-mysqli] [net/php-soap] [security/php-pecl-mcrypt]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 67ee42c5232142bf7b7f9f86635f9a5dc7c3536d
RMD160: b8fdb80da8b96fd7820f972f5b33418fadcadf81
Filesize: 10941.986 KB

Version history: (Expand)


CVS history: (Expand)


   2019-04-14 11:23:07 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.40

Version 3.5.40 (2019-04-10)
---------------------------

### Fixed
Fix the save callback in the back end password module (see #429).
   2019-04-09 15:09:17 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.39

pkgsrc change: use SUBST_VARS.

Version 3.5.39 (2019-04-09)
---------------------------

### Fixed
Invalidate the user sessions if a password changes (see CVE-2019-10641).
   2018-12-22 12:47:33 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.38

Version 3.5.38 (2018-12-21)
---------------------------

### Fixed
Correctly check the permission to move child records as non-admin user.
   2018-12-15 17:42:19 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.37

Version 3.5.37 (2018-12-13)
---------------------------

### Fixed
Prevent information disclosure in the back end (see CVE-2018-20028).
   2018-09-18 17:10:58 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.36

Version 3.5.36 (2018-09-18)
---------------------------

### Fixed
Prevent arbitrary code execution through .phar files (see CVE-2018-17057).

### Fixed
Correctly reset the autologin data upon logout (#8868).

### Fixed
Remove support for deprecated user password hashes (see #8889).
   2018-04-23 16:00:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/contao35: update to 3.5.35

Version 3.5.35 (2018-04-18)
---------------------------

### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).

CVE-2018-10125

With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log.  The attacker themselves
does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
   2018-03-06 17:25:39 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.34

Version 3.5.34 (2018-03-06)
---------------------------

### Fixed
Check the registry for table prefixed queries (see contao/core-bundle#1161).

### Fixed
Improve the folder hashing performance (see #8856).

### Fixed
Reset the autologin hash if the username or password changes (see #8843).

### Fixed
Correctly encode the sitemap URLs (see #8849).
   2018-01-22 17:11:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/contao35: update to 3.5.33

Contao 3.5.33 is available			2018/01/22 10:08 by Leo Feyer

Contao version 3.5.33 is available.  The bugfix release restores the PHP 5.4
compatibility and fixes problems with MariaDB 10.2.4+ and MySQL 8.

PHP 5.4

Even if Contao 3.5 still supports PHP 5.4, we strongly advise against using
outdated PHP versions.  Contao 3.5 is compatible with the latest PHP versions,
therefore – if the installed extensions allow it – you should run it with PHP
7 or at least PHP 5.6.

Identifier Quoting

We have revised identifier quoting, which we had added to Contao 4.4.10, and
ported it to Contao 3, so Contao 3.5 should be compatible with MariaDB 10.2.4+
and MySQL 8 now.