This release fixes a problem in the virtual file system and protects against potentially endless database migrations if two migrations bring each other into an endless loop.
Why is there a bugfix release published shortly before a security vulnerability is closed?
When Contao 4.9.6 was released, we did not have this separation yet. There were problems with the update via the Contao Manager as well as bugs that had to be fixed the next day in a new version 4.9.7. Therefore, the core team decided not to mix security and bugfix versions anymore. Security releases will henceforth contain only the changes necessary to close the vulnerabilities.
Changelog of the fixed issues in Contao 4.13.39:
- #7029 Update the DBAFS cache when creating files (m-vo)
- #6957 Prevent infinite loops of migrations (richardhj)
- #6771 Backport the `UnwrapTwigExceptionListener` (bytehead)
- #6986 Ignore empty image size items (ausi)
- #6926 Set the X-Frame-Options header for popups (richardhj)
About Contao 4.13 LTS
The first stable version of Contao 4.13 has been released on February 17, 2022, replacing Contao 4.9 as the long term support version. As an LTS version, 4.13 will be provided with bug fixes until February 14, 2025 and security-related updates until February 14, 2026. Contao 5.3 will be the next LTS version of Contao and has been released in February 2024, ensuring a stress-free transition.