Recently, there has been an increase in reports of unwanted spam via form submissions. Contao responds quickly and so this release brings improvements to the included captcha solution. In addition, improvements have been made to the sitemap and schema.org data. Various performance improvements complete this release.
Changelog of the fixed issues in Contao 4.13.37:
- #6870 Improve the CAPTCHA (ausi)
- #6868 Do not add duplicate paths in our own Twig filesystem loader (m-vo)
- #6832 Do not load the sitemap from cache for authenticated users (fritzmg)
- #6849 Add the missing use statement for `FormHidden` (fritzmg)
- #6848 Improve the `ConfigureFilesystemPass` performance (fritzmg)
- #6826 Randomize CSRF tokens once per request (ausi)
- #6825 Add a foreign key declaration for form and module fields (rorych)
- #6798 Correctly show past events if "hide running events" is active (janborg)
- #6801 Handle empty sessions in the CSRF cookie subscriber (Toflar)
- #6808 Support HTML5 entities with `double_encode: false` (ausi)
- #6777 Ensure absolute paths in the `ImageObject` schema.org data (leofeyer)
- #6778 Correctly check the "show" permission in the site structure (leofeyer)
- #6764 Prevent argument errors on malicious login attempts (fritzmg)
- #6762 Fix mov mime type (ausi)
- #6717 Allow prefixing simple tokens with `#` (Toflar)
- #6724 Redirect in the `BackendConfirm` controller if there is no `INVALID_TOKEN_URL` in the session (leofeyer)
About Contao 4.13 LTS
The first stable version of Contao 4.13 has been released on February 17, 2022, replacing Contao 4.9 as the long term support version. As an LTS version, 4.13 will be provided with bug fixes until February 14, 2025 and security-related updates until February 14, 2026. Contao 5.3 will be the next LTS version of Contao and has been released in February 2024, ensuring a stress-free transition.
