Contao 3.3.7
24 November 2014
Contao version 3.3.7 is now available (security release).
Upgrading to Contao 3.3.7
Contao 3.3.7 can be installed, or an existing installation upgraded to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply Contao updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing Contao install and test the 3.3.7 upgrade before applying it live. Get started managing your Contao installations with Installatron.
What's New in Contao 3.3.7
This release fixes a severe XSS vulnerability as well as a potential directory traversal vulnerability.
What's New
- Fixed: A potential directory traversal vulnerability.
- Fixed: A severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
- Fixed: Handle nested insert tags in strip_insert_tags().
- Fixed: Correctly store the model in Dbafs::addResource() (see #7440).
- Fixed: Send the request token when toggling the visibility of an element (see #7406).
- Fixed: Always apply the IE security fix in the Environment class (see #7453).
- Fixed: Correctly handle archives being part of multiple RSS feeds (see #7398).
- Fixed: Correctly handle 0 in utf8_convert_encoding() (see #7403).
- Fixed: Send a 301 redirect to forward to the language root page (see #7420).