This release contains GDPR relevant improvements! The old log entries were previously only deleted when the back end was accessed. Now, this is done via a cronjob to reliably clean up obsolete data. Also improved in this release is the cleanup of orphaned records for DCA mode 5 (page structure). In other news, the edit multiple mode in the file management now works correctly and the integration of Symfony Forms has been simplified for developers. There were also further optimizations to caching and PHP 8 compatibility.
Why is there a bugfix release published one week before a security vulnerability is closed?
When Contao 4.9.6 was released, we did not have this separation yet. There were problems with the update via the Contao Manager as well as bugs that had to be fixed the next day in a new version 4.9.7. Therefore, the core team decided not to mix security and bugfix versions anymore. Security releases will henceforth contain only the changes necessary to close the vulnerabilities.
Changelog of the fixed issues in Contao 4.9.17:
- #2940 Show the Contao layout in the Symfony profiler (aschempp)
- #3256 Revert 'Lazy-load the rootFallbackLanguage property' (leofeyer)
- #3214 Support request tokens in Symfony forms (ausi)
- #3251 Harden literal insert tag replacement (m-vo)
- #3245 Fix a func_get_arg() value error (ausi)
- #3220 Correctly clean up left-over records in DCA mode 5 (aschempp)
- #3218 Do not start the session in the login module (ausi)
- #3197 Allow defining entities alongside DCA definitions (m-vo)
- #3190 Consider the robots.txt content in the SearchIndexSubscriber (Toflar)
- #3221 Remove the dev firewall (aschempp)
- #3217 Allow robots setting for redirect pages (fritzmg)
- #3210 Ensure the numberOfItems label does refer to items only (Toflar)
- #3216 Add Google Conversion Linker cookie to deny list (ausi)
- #3179 Backport support for namespaced DC drivers (fritzmg)
- #3174 Correctly handle form fields in DC_Folder in "editAll" mode () (leofeyer)
- #3047 Update the YouTube options (leofeyer)
- #3158 Undeprecate the "importUser" hook (bytehead)
- #3125 Check if tstamp exists before hiding unsaved elements (aschempp)
- #3077 Correctly render showColumns in the picker widget (aschempp)
- #3085 Do not disable search and cache in FAQ and newsletter readers (fritzmg)
- #3083 Fix the indentation in the news_full template (fritzmg)
- #3078 Purge log and undo tables via cron (Toflar)
- #3067 Lazy-load the rootFallbackLanguage property (aschempp)
About Contao 4.9 LTS
The first stable version of Contao 4.9 has been released on February 18, 2020, replacing Contao 4.4 as the long term support version. As an LTS version, 4.9 will be provided with bug fixes until February 14, 2023 and security-related updates until February 14, 2024. Contao 4.13 will be the next LTS version of Contao and has been released in February 2022, ensuring a stress-free transition.