Contao 4.9.18, a new version of the Contao open source CMS, has been released.

The security releases Contao 4.4.56, 4.9.18 and 4.11.7 fix three vulnerabilities at once (CVE-2021-35955, CVE-2021-37627 and CVE-2021-37626). One of them was reported from outside, the other two were found by core developer Martin Auswöger. Martin himself developed the patches for all three vulnerabilities and all three target versions. An extremely time-consuming and non-trivial work. Many thanks to you, dear Martin! By the way: He owns a GitHub Sponsors profile for all readers who want to acknowledge his work.

Vulnerability details

About Contao 4.9 LTS

The first stable version of Contao 4.9 was released on February 18, 2020, replacing Contao 4.4 as the long term support version. As an LTS version, 4.9 will be provided with bug fixes until February 14, 2023 and security-related updates until February 14, 2024. Contao 4.13 will be the next LTS version of Contao and will be released in February 2022, ensuring a stress-free transition.

Add a comment

Please calculate 1 plus 4.