As always, this release contains all changes of the latest 4.13.20. In addition, an error in counting the newsletter recipients was fixed and the news archive list restricts the allowed news archives correctly again. At no time was there a problem with the permissions, it was just a display issue.
Why is there a bugfix release published one week before a security vulnerability is closed?
When Contao 4.9.6 was released, we did not have this separation yet. There were problems with the update via the Contao Manager as well as bugs that had to be fixed the next day in a new version 4.9.7. Therefore, the core team decided not to mix security and bugfix versions anymore. Security releases will henceforth contain only the changes necessary to close the vulnerabilities.
Changelog of the fixed issues in Contao 5.1.3:
- #5963 Correctly count the skipped recipients (leofeyer)
- #5964 Add the header.svg and settings.svg icons again (leofeyer)
- #5946 Load the default language when generating the calendar feeds (leofeyer)
- #5960 Prevent double slashes in version URLs (leofeyer)
- #5949 Add the "adjustDca" load callback to tl_news_archive again (leofeyer)
- #5941 Do not treat sub-directories of Twig namespace roots as template paths (m-vo)
- #5922 Correctly pass null values in findBy queries (ausi)