Changelog of the new features in Contao 4.12.0:
- #3343 Make the ContaoFilesystemLoader compatible with Symfony 4.4 (bytehead)
- #3339 Allow Twig v3 (m-vo)
- #3337 Strip attributes in markdown element (ausi)
- #3228 Require twig/extra-bundle in the managed edition (m-vo)
- #2988 Add Twig support (m-vo)
- #3138 Use intl for languages and countries (ausi)
- #3151 Enforce the MySQL strict mode (m-vo)
- #3167 Use schema.org JSON-LD in the faq-bundle (Toflar)
- #3155 Use schema.org JSON-LD in the calendar-bundle (Toflar)
- #3156 Use schema.org JSON-LD in the breadcrumb module (Toflar)
- #2305 Use Locale IDs for tl_page.language (aschempp)
- #3103 Allow to exclude fields in the file manager (leofeyer)
- #3124 Use a security voter to check the member groups (aschempp)
- #3135 Handle protected pages in the "quicklink" module (leofeyer)
- #3119 Use schema.org JSON-LD in the news-bundle (Toflar)
- #3120 Beautify the JSON-LD by sorting by key (Toflar)
- #3110 Add the rawPlainText() and rawHtmlToPlainText() template helper methods (Toflar)
- #3100 Use HTTPS for all schema.org links (leofeyer)
- #3107 Add the default WebPage schema.org data again (Toflar)
- #2962 Centralize the JSON-LD metadata management (Toflar)
- #3102 Allow direct links to public files in the file picker (leofeyer)
- #3088 Add a guests group to the list of allowed groups (leofeyer)
- #3084 Rename the web folder to public (leofeyer)
- #3082 Remove the technical details from the default search template (leofeyer)
- #3080 Reduce memory consumption in search (ausi)
- #3066 Rework the response context (Toflar)
- #3053 Add a page controller for root pages (aschempp)
- #3076 Add a license field to the file metadata (Toflar)
- #3052 Remove the password confirmation field (leofeyer)
- #3055 Add an enhanced Markdown content element (Toflar)
- #3056 Deprecate already moved config options (ausi)
- #3057 Sort routes by region if no preferred language matches (aschempp)
- #3014 Ensure clean response context and unify meta handling (Toflar)
- #3051 Remove the "addWizardClass" workaround (leofeyer)
- #3019 Dispatch an event to define metadata inside the FigureBuilder (m-vo)
- #3017 Handle UUIDs in the file metadata class (m-vo)
- #2975 Add the response context (Toflar)
- #2804 Drop the LegacyFigureBuilderTrait (m-vo)
- #2917 Remove the search results cache (leofeyer)
- #2801 Add JSON+LD metadata to the search index (Toflar)
- #2724 Support extracting the canonical URI from a document (Toflar)
- #2733 Make the FigureBuilder more fail tolerant (m-vo)
- #2734 Enable accessing Figure in all templates (m-vo)
Changelog of the fixed issues in Contao 4.12.0:
- #3295 Fix the "iflng" and "ifnlng" insert tags (ausi)
- #3276 Check catalogue for country or locale translations (ausi)
- #3268 Fix a type error in the event list module (leofeyer)
- #3270 Always refresh the template hierarchy in the debug:contao-twig command (m-vo)
- #3269 Show native language suffix only in user profile (ausi)
- #3258 Deprecated the return of null response in fragments (aschempp)
- #3146 Deprecate the insert tag flag "|absolute" (ausi)
- #3250 Add missing SchemaOrgRuntime service declaration (m-vo)
- #3219 Track theme templates in the template hierarchy (m-vo)
- #3213 Support dynamic Twig includes/extends (m-vo)
- #3247 Unify the "numberOfItems" translations (leofeyer)
- #3243 Fix a func_get_arg() value error (ausi)
- #3233 Fix session service check in AddSessionBagsPass (fritzmg)
- #3215 Make Contao compatible with Symfony 5.3 (ausi)
- #3201 Only create proxy templates for '@Contao' namespaced templates (m-vo)
- #3204 Implement a contao_ variant of the html_attr escaper (m-vo)
- #3203 Fix extending multiple levels of Contao templates (ausi)
- #3202 Sanity check template names in FigureRenderer (m-vo)
- #3196 Support multiple JSON+LD objects in the search document (qzminski)
- #3195 Do not prefix our JSON-LD context (ausi)
- #3182 Simplify Controller::addImageToTemplate tests (m-vo)
- #3170 Add JSON-LD support for Twig (m-vo)
- #3175 Only warn if the DB server is not running in strict mode (leofeyer)
- #3164 Deprecate the getSearchablePages() method (aschempp)
- #3166 Revert 'Lazy-load the rootFallbackLanguage property' (leofeyer)
- #3163 Remove left-over itemprop usages (leofeyer)
- #3150 Always use the security voter to check member groups (aschempp)
- #3161 Unify the schema.org helper methods (leofeyer)
- #3165 Prevent an "undefined property" error in the Model class (leofeyer)
- #3162 Remove two left-over itemprop attributes (Toflar)
- #3154 Do not override the global language in some front end modules (leofeyer)
- #3148 Filter "guests only" pages to restore backwards compatibility (leofeyer)
- #3147 Add back the "guests" checkbox (leofeyer)
- #3141 Deprecate using tabindex values greater than 0 (leofeyer)
- #3136 Make sure that deserialized groups are always an array (leofeyer)
- #3075 Harden FigureBuilder::from() against invalid types (m-vo)
- #3073 Allow null in FigureBuilder#from() (m-vo)
- #3010 Remove a left-over call to the LegacyFigureBuilderTrait (m-vo)
- #2713 Mention removal of MediaElement.js in the UPGRADE.md file (fritzmg)
Security vulnerabilities closed in Contao 4.12.0:
- Privilege escalation with the form generator (CVE-2021-37627)
- PHP file inclusion via insert tags (CVE-2021-37626)
- Cross site scripting via HTML attributes in the back end (CVE-2021-35955)
- Cross site scripting in the system log (CVE-2021-35210)
- Insert tag injection in forms (CVE-2020-25768)
About Contao 4.12
The first stable version of Contao 4.12 has been released on 15 August 2021 and is the successor of Contao 4.11. 4.12 has been updated until 14 January 2022, after which it was replaced by Contao 4.13.