Path to this page:
Subject: CVS commit: pkgsrc/www/contao44
From: Takahiro Kambe
Date: 2018-04-23 16:19:00
Message id: 20180423141900.AF5E0FBEC@cvs.NetBSD.org
Log Message:
www/contao44: update to 4.4.18
Contao 4.4.17 (2018-04-04)
Contao version 4.4.17 is available. The bugfix release fixes a few minor
issues including a problem with rendering custom layout sections.
Contao 4.4.18 (2018-04-18)
Contao version 4.4.18 is available. The bugfix release fixes an XSS
vulnerability in the system log of the back end (CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
Files: