As always, this release contains the changes from the latest 4.13.39. In addition, the monitoring of background workers has been improved, where we can now also enjoy Windows support. Furthermore, a problem with the new permissions for front end modules has been fixed and various minor improvements have been made to the Twig templates. In addition, the clipboard is now correctly redirecting back to the list view and the built-in debug tools for developers have been improved, including the correct listing of voters in the Symfony profiler.
Why is there a bugfix release published shortly before a security vulnerability is closed?
When Contao 4.9.6 was released, we did not have this separation yet. There were problems with the update via the Contao Manager as well as bugs that had to be fixed the next day in a new version 4.9.7. Therefore, the core team decided not to mix security and bugfix versions anymore. Security releases will henceforth contain only the changes necessary to close the vulnerabilities.
Changelog of the fixed issues in Contao 5.3.2:
- #7039 Revert the changes to the "file uploaded" check (fritzmg)
- #7032 Harden mime type handling in the `FilesystemItem` class (m-vo)
- #7026 Show headlines in article teasers again (zoglo)
- #7006 Use the fragment registry in the `debug:fragments` command (bytehead)
- #7031 Allow version 5 of lcobucci/jwt (leofeyer)
- #7027 Register theme templates in the global namespace, too (ausi)
- #7028 Enable collapsible fieldsets without storage (aschempp)
- #7021 Override the access decision strategy instead of the manager (aschempp)
- #7016 Fix a PHP 8 warning in the `tl_article.getActiveLayoutSections()` method (qzminski)
- #7008 Fix the traceable access decision manager (aschempp)
- #7007 Return to the list view after adding items to the clipboard (aschempp)
- #6996 Use voters for theme permissions (aschempp)
- #7002 Add the user access voter (aschempp)
- #6993 Fix the front end module permissions (aschempp)
- #7005 Make the `ParentAccessTrait::hasAccessToParent()` method private (aschempp)
- #7003 Improve permission error message for DCA actions (aschempp)
- #6968 Set the email message priority to "high" (Toflar)
- #6995 Disable background workers if they are not supported (Toflar)
- #6952 Convert protocol-relative URLs in the string resolver (aschempp)
About Contao 5.3 LTS
The first stable version of Contao 5.3 has been released on February 16, 2024, replacing Contao 4.13 as the long term support version. As an LTS version, 5.3 will be provided with bug fixes until February 14, 2027 and security-related updates until February 14, 2028. Contao 5.7 will be the next LTS version of Contao and will be released in February 2026, ensuring a stress-free transition.