This release fixes several bugs related to the recently fixed security vulnerability. In particular, it concerns incorrect encoding of certain combinations of script
statements. In addition, an error in the versioning of data sets has been fixed.
Changelog of the fixed issues in Contao 4.9.20:
- #3369 Fix using insert tags in the page title (ausi)
- #3360 Use intl for text direction (fritzmg)
- #3367 Handle insert tag flags in the picker (leofeyer)
- #3310 Add the "dry-run" and "format=ndjson" options to the migrate command (ausi)
- #3359 Fix the media element migration (ausi)
- #3346 Fix versioning condition in DC_Folder edit action (ausi)
- #3356 Make the metadata available in the download element (leofeyer)
- #3341 Clarify contao.preview_script usage (fritzmg)
- #3314 Add support for namespaced attributes (ausi)
- #3303 Warn if the DB server is not running in strict mode (ausi)
- #3321 Correctly explode foreign keys in the DCA (fritzmg)
- #3323 Remove reference to other table from column classname in DC_Table (dennisbohn)
- #3319 Correctly encode HTML comments, <script> and <style> tags (ausi)
- #3315 Do not encode special characters if no tags are allowed (ausi)
- #3311 Fix version creation for entries with dynamic ptable (fritzmg)
- #3278 Check if stopwatch is started before stopping (bytehead)
- #3283 Check if the indexer service exists when purging search tables (bytehead)
About Contao 4.9 LTS
The first stable version of Contao 4.9 has been released on February 18, 2020, replacing Contao 4.4 as the long term support version. As an LTS version, 4.9 has been be provided with bug fixes until February 14, 2023 and security-related updates until February 14, 2024. Contao 4.13 was the next LTS version of Contao and has been released in February 2022, ensuring a stress-free transition.