Contao Open Source CMS 5.7.9

Contao 5.7.9, a new version of the Contao open source CMS, has been released.

In addition to addressing a security vulnerability, It also improves cache invalidation for iterable collections, prevents newsletter content from being sanitized unintentionally, and fixes output encoding migrations for MariaDB. In addition, insert tags in widget values are now replaced more safely.

Security vulnerability closed:

  • Server-side request forgery (SSRF) via unvalidated RSS feed URLs (CVE-2026-57232)

Changelog of the fixed issues in Contao 5.7.9:

Details of the security vulnerability

About Contao 5.7 LTS

The first stable version of Contao 5.7 will be released on February 15, 2026, replacing Contao 5.3 as the long term support version. As an LTS version, 5.7 will be provided with bug fixes until February 14, 2029 and security-related updates until February 14, 2030. Contao 6.3 is the next LTS version of Contao and is due to be released in February 2028, ensuring a smooth transition.

Bjarke Ammann

Bjarke takes care of the website and support. If you like reading, you might have come across his Contao Two Month Review or found an answer to your question in the official Contao user manual. He also makes sure that Contao enthusiasts from Switzerland meet regularly to exchange ideas. He loves culinary delights, good music and exercise in the fresh air.