About Contao 4.9 LTS
The first stable version of Contao 4.9 was released on February 18, 2020, replacing Contao 4.4 as the long term support version. As an LTS version, 4.9 will be provided with bug fixes until February 14, 2023 and security-related updates until February 14, 2024. Contao 4.13 will be the next LTS version of Contao and will be released in February 2022, ensuring a stress-free transition.
Changelog Contao 4.9
Contents
- Changelog for Contao 4.9.34
- Changelog for Contao 4.9.33
- Changelog for Contao 4.9.32
- Changelog for Contao 4.9.31
- Changelog for Contao 4.9.30
- Changelog for Contao 4.9.29
- Changelog for Contao 4.9.28
- Changelog for Contao 4.9.27
- Changelog for Contao 4.9.26
- Changelog for Contao 4.9.25
- Changelog for Contao 4.9.24
- Changelog for Contao 4.9.23
- Changelog for Contao 4.9.22
- Changelog for Contao 4.9.21
- Changelog for Contao 4.9.20
- Changelog for Contao 4.9.19
- Changelog for Contao 4.9.18 Security
- Changelog for Contao 4.9.17
- Changelog for Contao 4.9.16 Security
- Changelog for Contao 4.9.15
- Changelog for Contao 4.9.14
- Changelog for Contao 4.9.13
- Changelog for Contao 4.9.12
- Changelog for Contao 4.9.11
- Changelog for Contao 4.9.10
- Changelog for Contao 4.9.9
- Changelog for Contao 4.9.8
- Changelog for Contao 4.9.7
- Changelog for Contao 4.9.6 Security
- Changelog for Contao 4.9.5
- Changelog for Contao 4.9.4
- Changelog for Contao 4.9.3
- Changelog for Contao 4.9.2
- Changelog for Contao 4.9.1
- Changelog for Contao 4.9.0
Contao 4.9.34 (2022-09-15)
Changelog of the fixed issues in Contao 4.9.34:
- #5271 Fix the order of the palette combiner (ausi)
- #5275 Fix the search field in Safari 16 (leofeyer)
- #5276 Fix the opacity of draft elements (leofeyer)
- #5270 Allow symlinked bundle paths in the template files listing (m-vo)
- #5231 Do not use POST values directly for Reply-To and Cc (fritzmg)
- #5226 Fix a CSS issue in the install tool database update screen (leofeyer)
- #5208 Fix custom paste modes not working properly (qzminski)
- #5225 Check the ID when sending comment notifications (leofeyer)
- #5224 Use the correct label for the "confirm password" field (leofeyer)
- #4930 Do not set HTTP header in Versions::addToTemplate (fritzmg)
Contao 4.9.33 (2022-08-17)
Changelog of the fixed issues in Contao 4.9.33:
- #5013 Do not insert fields that do not exist in the DB (aschempp)
- #5164 Fix check for existing label in DcaLoader (ausi)
- #5130 Only set login constants in master request (fritzmg)
- #5155 Deprecate Calendar::addEvent() (ausi)
- #5143 Do not run the DC constructor inside the picker widget (ausi)
- #5132 Check for column options in AdjustSearchUrlLengthListener (fritzmg)
- #5154 Allow empty key for subpalette suffix based on select (dennisbohn)
- #5145 Fix typo in tl_comments (ausi)
Contao 4.9.32 (2022-08-12)
Changelog of the fixed issues in Contao 4.9.32:
- #5123 Remove the "draft" overlay (leofeyer)
- #5121 Remove leftover code in the DataContainer class (fritzmg)
- #4628 Automatically reduce tl_search.url length (fritzmg)
- #4887 Update the Google Analytics tracking snippet (ameotoko)
- #5072 Backport lazy services for CronJob repository (aschempp)
- #5101 Check database version in migrate command (ausi)
- #4777 Fix the missing cache tag invalidation in tree view (Toflar)
- #5075 Do not include "index" in folderUrl (aschempp)
- #4968 Set login constants in request listener (fritzmg)
- #5032 Allow null for PaletteManipulator parent (fritzmg)
- #5077 Fix indeterministic order for non-unique filters in DC_Table (Toflar)
- #5010 Fix adjustTime in tl_calendar_events (fritzmg)
- #5102 Make sure the framework is initialized when accessing config (aschempp)
- #5058 Fix illegal string offsets in the translator (ausi)
- #4964 Fix PHP 8 warning in ModuleRegistration (ameotoko)
- #4975 Fix tl_member source translations for city and state (zoglo)
- #4966 Use cache_suffix for TinyMCE (fritzmg)
- #4366 Revise drafts only when navigating back (ausi)
- #4895 Fix an error in page forward if the $_GET parameter is an array (qzminski)
Contao 4.9.31 (2022-07-05)
Changelog of the fixed issues in Contao 4.9.31:
- #4865 Correctly check ptable when moving records (aschempp)
- #4864 Fix inconsistency when copying child records (aschempp)
- #4906 Improve deprecation warning for DCA FQCN (aschempp)
- #4894 Display an error message if the version cannot be restored (qzminski)
- #4880 Adjust the video file type sorting in the media element (leofeyer)
- #4867 Do not update the search index on redirects (Toflar)
- #4879 Do not call `kernel.terminate` on fresh cache entries (Toflar)
- #4858 Fix 0 to nbsp conversion in the listing module (bezin)
- #4853 Determine the InnoDB index length only once per schema (ausi)
- #4845 Fix the crawl logs view (leofeyer)
- #4828 Correctly clear style sheets on 404 (aschempp)
- #4832 Prevent unlimited recurrences in the event list (leofeyer)
- #4574 Fix the impersonation message (cliffparnitzky)
- #4819 Deprecate CURRENT_ID (ausi)
- #4809 Add a migration for bad playerColor data (ausi)
- #4814 Fix preview toolbar always showing error (fritzmg)
- #4804 Fix SearchIndexSubscriber not respecting noindex hint (Toflar)
- #4802 Ignore website roots with empty language in the meta wizard (fritzmg)
Contao 4.9.30 (2022-06-03)
Changelog of the fixed issues in Contao 4.9.30:
- #4766 Exclude the ModuleWizard checkbox from keyboard access (aschempp)
- #4711 Correctly support legacy DC names in picker provider (aschempp)
- #4718 Fix DBAFS when upload_path contains subfolders (fritzmg)
- #4708 Increase the tl_comments_notify.url length (fritzmg)
- #4727 Deprecate REQUEST_TOKEN (ausi)
- #3742 Show error if preview settings could not be applied (fritzmg)
- #4690 Handle cases when layoutId is not set on page model (bezin)
- #4698 Fix broken filemanager for unsupported images (ausi)
- #4686 Always delete indexed page for unsuccessful responses (fritzmg)
- #4693 Reduce the row sizes of tl_module and tl_content (ausi)
- #4680 Fix the non-JS navigation toggle on backend dashboard (aschempp)
- #4670 Fix type warning in event list (fritzmg)
- #4633 Undeprecate contao.csrf.token_manager (fritzmg)
- #4647 Improve the news archive permission labels (Toflar)
- #4638 Deprecate Frontend::getCronTimeout (fritzmg)
- #4622 Always set a mock session when creating feeds (fritzmg)
- #4621 Correctly handle rgxp natural text field attributes (aschempp)
Contao 4.9.29 (2022-05-05)
Changelog of the fixed issues in Contao 4.9.29:
- #4519 Fix ESI fragments with inline attributes (aschempp)
- #3711 Fix being unable to re-register after token expired (fritzmg)
- #4605 Ignore port in Favicon and RobotsTxt controller (bezin)
- #3887 Make sure the parent directory exists when writing files (aschempp)
- #4596 Fix upload directory check in ImageFactory on Windows (fritzmg)
- #4595 Support more widgets in DC_Folder (fritzmg)
- #4590 Require symfony/deprecation-contracts (leofeyer)
- #4586 Also ignore the Resources folder (aschempp)
- #4588 Backport loop as an option to YouTube videos to 4.9 (fritzmg)
- #4497 Revert the DcaExtractor changes (fritzmg)
- #4500 Fix header fields for blank option (rabauss)
- #4477 Fix undefined value/unit for empty array in headline (rabauss)
- #4463 Sort the selectable templates in install tool (cliffparnitzky)
- #4570 Allow 0 in option wizard as valid input (bezin)
- #4481 Fix AbstractTablePickerProvider (bytehead)
- #4528 Only save personal data if there is no error (aschempp)
- #4195 Set a session for the fake request (fritzmg)
- #4470 Update version number in toggleSubpalette (ausi)
- #4493 Use fixed subject string for List-Unsubscribe header (aschempp)
- #4509 Fix bug with hash comparison in migrate command (ausi)
- #4487 Remove rel="nofollow" for internal pages (fritzmg)
- #4192 Shorten the version description to the length of the DB column (cliffparnitzky)
- #4320 Fix missing hash option for migrate command (ausi)
- #4455 Fix Atom feed generation (fritzmg)
Contao 4.9.28 (2022-03-31)
Changelog of the fixed issues in Contao 4.9.28:
- #4427 Handle long page titles and URLs in the search table (leofeyer)
- #4424 Also hover over the parent records in "paste" mode (leofeyer)
- #4423 Decode the folder name when checking for circular references (leofeyer)
- #4219 Make the contao:install:lock command idempotent (richardhj)
- #4408 Improve insert tags speed (ausi)
- #4252 Fix the trigger_error() calls (leofeyer)
- #4402 Fixed nested http client options not supported (Toflar)
- #4357 Fix srcToInsertTag() for URL encoded paths (fritzmg)
- #4294 Rename the Controller::reset() method (aschempp)
- #4331 Fix typos in the Environment class (fritzmg)
- #4293 Revert 'Do not use the `.tl_confirm` CSS class in the front end' (leofeyer)
- #4299 Fix invalid news content element ID (ausi)
- #4263 Make the search accent insensitive (ausi)
- #4256 Allow fragment reference with fake model instance (aschempp)
- #4236 Also create a new version if a checkbox is auto-submitted (leofeyer)
- #4373 Also clean textarea of caption for last metawizard (aschempp)
- #4322 Use FQCN instead of aliased class name (bytehead)
- #4266 Forward IO to Composer filesystem in ScriptHandler (aschempp)
- #4285 Fix DCA extractor wrongly assuming every DCA is database driven (fritzmg)
Contao 4.9.27 (2022-03-09)
Changelog of the fixed issues in Contao 4.9.27:
- #4248 Correctly encode redirect URLs between 401 pages and login forms (leonexcc)
- #4241 Do not use the `.tl_confirm` CSS class in the front end (leofeyer)
- #4235 Add the `|urlattr` flag in the `StringUtil::srcToInsertTag()` method (leofeyer)
- #4237 Handle `0` as widget attribute value (leofeyer)
- #4233 Make `config.sql` optional in the DCA (leofeyer)
- #4234 Create new versions after the onsubmit_callback in the registration module (leofeyer)
- #4232 Limit the number of suggestions in the front end preview (leofeyer)
- #4231 Remove the `$Template` property from the PageRegular class again (leofeyer)
- #4229 Use the Contao short URL service for keyboard shortcuts (leofeyer)
- #4150 Improve sorting in the system log (bennyborn)
- #4091 Lazy call router when replacing old backend paths (aschempp)
- #4199 Deprecate the ContaoFrameworkInterface service (aschempp)
- #4212 Unset key in URL when switching edit mode (aschempp)
- #4135 Do not configure the default clickjacking paths in the skeleton (fritzmg)
- #4218 Do not process redirected URLs outside base domains (fritzmg)
- #4225 Remove the wizard if a DCA field is not editable (aschempp)
- #4227 Support "submitOnChange" in the PageTree and Picker widgets (aschempp)
- #4226 Deprecate the Page*::generate() methods (aschempp)
- #4210 Fix warning in ModuleArticle if page object is null (bezin)
- #4204 Allow underscores in tag attributes (bytehead)
- #4155 Allow `<summary>` and `<details>` tags by default (Toflar)
- #4083 Unlock flatten option for imagine configuration (rabauss)
- #4105 Fix trailing slashes in URL for Contao 4.9 (aschempp)
Contao 4.9.26 (2022-02-08)
Contao 4.9.25 (2022-02-03)
Changelog of the fixed issues in Contao 4.9.25:
- #3997 Fix several array to string conversions (leofeyer)
- #4056 Fix merging cssID from ContentModule to FrontendModuleController (ameotoko)
- #3857 Fix fragments in RSS feeds (fritzmg)
- #3800 Fix routing with local domain and port (bezin)
- #4009 Fix long content being cut off in the back end popup (qzminski)
- #4031 Backport 'Replace phpunit/token-stream with nikic/php-parser' (m-vo)
- #4020 Fix compatibility with Composer 2.2.5 (ausi)
- #4013 Reload translations if the language changes (ausi)
- #3984 Add the config.allow-plugins settings to the composer.json files (leofeyer)
- #3971 Fix `Input::post()` for form data (fritzmg)
- #3981 Reduce the scope of the authentication listener (fritzmg)
- #3790 Add a debounce wrapper to the username autosuggester (ameotoko)
- #3488 Add a configuration for allowed URL protocols (MarkejN)
- #3910 Fix the ScriptHandlers for Composer 2.3 (fritzmg)
- #3915 Do not generate URLs for insert tags that don’t need it (aschempp)
- #3842 Simplify expression in Crawl\Escargot\Factory (m-vo)
- #3966 Add compatibility with symfony/filesystem 5.4 (ausi)
- #3939 Fix duplicating child records with dynamic ptable (dmolineus)
- #3876 Correctly handle array values in DCs (aschempp)
- #3882 Do not initialize the framework to get the Automator commands (aschempp)
- #3877 Enforce final newline in HTML5 templates (aschempp)
- #3836 Report HTTP exceptions as warnings for the crawler instead of errors (Toflar)
- #3867 Serialize array value before saving (bytehead)
- #3841 Remove an unused setup method (aschempp)
Contao 4.9.24 (2021-12-16)
Changelog of the fixed issues in Contao 4.9.24:
- #3822 Add a Template property to the Controller class (leofeyer)
- #3815 Enable image lazy loading in file manager (fritzmg)
- #3803 Fix infinite 4.8.0 migration when custom templates are present (fritzmg)
- #3792 Fix more PHP8 warnings (aschempp)
- #3788 Clarify internal style sheets deprecation (fritzmg)
- #3787 Do not sort the referrers (leofeyer)
- #3781 Fix unknown «ansi_to_html» filter error (fritzmg)
- #3759 Unify the MakeServicesPublicPass (bytehead)
- #3758 Add transitive dependency on symfony/twig-bridge (richardhj)
Contao 4.9.23 (2021-12-02)
Changelog of the fixed issues in Contao 4.9.23:
- #3741 Make sure GUIDs in RSS feeds are unique (leofeyer)
- #3732 Disable form autocomplete for preview bar (fritzmg)
- #3738 Fix the back end tree view CSS (leofeyer)
- #3734 Delete uploaded files if a form does not validate (fritzmg)
- #3470 Make sure .public is a file and not a directory (fritzmg)
- #3692 Remove the script name before signing a redirect URI (bytehead)
- #3690 Correctly store the referrer in the back end (Toflar)
- #3699 Use ClockMock for time sensitive remember me token test (SeverinGloeckle)
- #3647 Set language of redirect page in global context (rabauss)
- #3668 Do not automatically focus input fields with autocomplete (SeverinGloeckle)
- #3601 Inline fragments should not compile the front end template (aschempp)
- #3656 Do not set the global page object in the back end (leofeyer)
- #3654 Ensure defined admin email is always used as sender (fritzmg)
- #3665 Handle doctrine binary types in version compare view (SeverinGloeckle)
- #3637 Fix the decorator pattern in the FailTolerantProxyCacheWarmer (aschempp)
- #3623 Do not set the server_version (ausi)
- #3627 Add the missing dot-env features (aschempp)
- #3607 Ignore routes without root ID instead of throwing an exception (aschempp)
- #3608 Only change the cache header if no response is passed to Twig render() (aschempp)
- #3595 Fix the base path in the asset context (aschempp)
- #3598 Adjust cache headers for Twig responses (aschempp)
- #3599 Move interest-cohort header to response listener (aschempp)
Contao 4.9.22 (2021-10-20)
Changelog of the fixed issues in Contao 4.9.22:
- #3585 Fix link_url::back insert tag backwards compatibility (ausi)
- #3527 Update the Facebook share link (aschempp)
- #3134 Use the driver from the database URL if there is one (aschempp)
- #3571 Correctly check for tinyMCE (aschempp)
- #3548 Fix pagination item calculation for an even number of links (SeverinGloeckle)
Contao 4.9.21 (2021-10-05)
Changelog of the fixed issues in Contao 4.9.21:
- #3352 Also pass the template object in the "parseFrontendTemplate" hook (xprojects-de)
- #3543 Fix the meta wizard language menu (leofeyer)
- #3496 Handle edge cases in StringUtil::convertEncoding() (SeverinGloeckle)
- #3534 Translate all languages in the file meta data (aschempp)
- #3526 Improve the JwtManager (aschempp)
- #3503 Correctly handle empty image size formats (aschempp)
- #3521 Document another known limitation (leofeyer)
- #3519 Do not encode option values (ausi)
- #3517 Merge duplicate tags in HTML attributes config (ausi)
- #3513 Allow HTML by default only for tinyMCE and ace|html (ausi)
- #3512 Decode the subject when sending form submission via email (ausi)
- #3508 Unset the noComments field if the comments bundle is not installed (leofeyer)
- #3499 Load DataContainer before determining empty value (fritzmg)
- #3497 Fix the option sorting in the back end drop-downs (leofeyer)
- #3475 Allow WebP to PNG/JPG conversion (fritzmg)
- #3480 Correctly handle empty values in the registration module (fritzmg)
- #3481 Fix inconsistencies in the search field rendering (leofeyer)
- #3464 Redirect if the back end is called via the front end preview entry point (leofeyer)
- #3461 Do not reset the entire flash bag when resetting the message system (leofeyer)
- #3416 Dispatch the PreviewUrlCreateEvent even with an empty ID (SeverinGloeckle)
- #3467 Prevent image overflow for selected content elements (fritzmg)
- #3457 Fix the picker for child tables without PID (ausi)
- #3426 Migrate the newsletter module keys in version 4.0 (aschempp)
- #3462 Add a label for "edit multiple" to the deep link confirmation screen (leofeyer)
- #3460 Fix the position of the pagination menu in "edit multiple" mode (leofeyer)
- #3459 Fix a broken if-condition in tl_files::excludeFolder() (leofeyer)
- #3455 Handle flags in insertTagToSrc() (ausi)
- #3454 Fix the event endTime adjustment (fritzmg)
- #3444 Service priority 0 is not the same as not-set priority (aschempp)
- #3441 Add canonical name to routes (aschempp)
- #3329 Make sure X-Forwarded-Host is trusted if trusted hosts are configured (Toflar)
- #3422 Handle % characters in the SERP preview (fritzmg)
- #3407 Respect the decodeEntities flag with rgxp => url (rabauss)
- #3412 Do not dynamically disable HttpCache but rely on env vars instead (Toflar)
- #3423 Convert allowed attributes to lowercase (ausi)
- #3417 Use PHP functions to modify query strings (leofeyer)
- #3405 Harden the version 4.5.0 migration (fritzmg)
- #3394 Show table name in model relation exception (SeverinGloeckle)
- #3402 Fix the Adapter::__call() method signature (SeverinGloeckle)
- #3390 Fix simple token parsing in HTML (ausi)
- #3383 Fix the default quote style (leofeyer)
- #3296 Fix a phpDoc comment in the Pagination class (zonky2)
Contao 4.9.20 (2021-08-24)
Changelog of the fixed issues in Contao 4.9.20:
- #3369 Fix using insert tags in the page title (ausi)
- #3360 Use intl for text direction (fritzmg)
- #3367 Handle insert tag flags in the picker (leofeyer)
- #3310 Add the "dry-run" and "format=ndjson" options to the migrate command (ausi)
- #3359 Fix the media element migration (ausi)
- #3346 Fix versioning condition in DC_Folder edit action (ausi)
- #3356 Make the metadata available in the download element (leofeyer)
- #3341 Clarify contao.preview_script usage (fritzmg)
- #3314 Add support for namespaced attributes (ausi)
- #3303 Warn if the DB server is not running in strict mode (ausi)
- #3321 Correctly explode foreign keys in the DCA (fritzmg)
- #3323 Remove reference to other table from column classname in DC_Table (dennisbohn)
- #3319 Correctly encode HTML comments, <script> and <style> tags (ausi)
- #3315 Do not encode special characters if no tags are allowed (ausi)
- #3311 Fix version creation for entries with dynamic ptable (fritzmg)
- #3278 Check if stopwatch is started before stopping (bytehead)
- #3283 Check if the indexer service exists when purging search tables (bytehead)
Contao 4.9.19 (2021-08-12)
Contao 4.9.18 (2021-08-11)
Security vulnerabilities closed:
- Prevent privilege escalation with the form generator (CVE-2021-37627)
- Prevent PHP file inclusion via insert tags (CVE-2021-37626)
- Prevent XSS via HTML attributes in the back end (CVE-2021-35955)
Contao 4.9.17 (2021-08-04)
Changelog of the fixed issues in Contao 4.9.17:
- #2940 Show the Contao layout in the Symfony profiler (aschempp)
- #3256 Revert 'Lazy-load the rootFallbackLanguage property' (leofeyer)
- #3214 Support request tokens in Symfony forms (ausi)
- #3251 Harden literal insert tag replacement (m-vo)
- #3245 Fix a func_get_arg() value error (ausi)
- #3220 Correctly clean up left-over records in DCA mode 5 (aschempp)
- #3218 Do not start the session in the login module (ausi)
- #3197 Allow defining entities alongside DCA definitions (m-vo)
- #3190 Consider the robots.txt content in the SearchIndexSubscriber (Toflar)
- #3221 Remove the dev firewall (aschempp)
- #3217 Allow robots setting for redirect pages (fritzmg)
- #3210 Ensure the numberOfItems label does refer to items only (Toflar)
- #3216 Add Google Conversion Linker cookie to deny list (ausi)
- #3179 Backport support for namespaced DC drivers (fritzmg)
- #3174 Correctly handle form fields in DC_Folder in "editAll" mode () (leofeyer)
- #3047 Update the YouTube options (leofeyer)
- #3158 Undeprecate the "importUser" hook (bytehead)
- #3125 Check if tstamp exists before hiding unsaved elements (aschempp)
- #3077 Correctly render showColumns in the picker widget (aschempp)
- #2958 Fix the tooltips in the JavaScript wizards (rabauss)
- #3085 Do not disable search and cache in FAQ and newsletter readers (fritzmg)
- #3083 Fix the indentation in the news_full template (fritzmg)
- #3078 Purge log and undo tables via cron (Toflar)
- #3067 Lazy-load the rootFallbackLanguage property (aschempp)
Contao 4.9.16 (2021-06-23)
Security vulnerability closed:
- Cross site scripting in the system log (CVE-2021-35210)
Contao 4.9.15 (2021-06-08)
Changelog of the fixed issues in Contao 4.9.15:
- #3046 Add the "findCalendarBoundaries" hook (leofeyer)
- #2960 Protect users against Google FLoC (aschempp)
- #3058 Do not cast the picker values to integers (leofeyer)
- #3054 Fix a language typo (Toflar)
- #3043 Rename the close button at the bottom of the modal window (leofeyer)
- #3042 Handle non-string arguments in the `FilesModel::findByPath()` method (leofeyer)
- #3041 Use a better label for the password confirmation field (leofeyer)
- #2994 Hide unsaved content elements in the front end (leofeyer)
- #3028 Do not require ocramius/proxy-manager (leofeyer)
- #3007 Allow saving the value `0` in the KeyValueWizard (doishub)
- #3029 Do not modify the select name at runtime (aschempp)
- #2952 Set a label for the Contao Manager back end menu entry (cliffparnitzky)
- #2970 Load protected status from parent pages in customnav (patrickjDE)
- #3000 Simplify the latest DC_Table change (leofeyer)
- #2999 Remove two left-over autocomplete attributes (leofeyer)
Contao 4.9.14 (2021-05-11)
Changelog of the fixed issues in Contao 4.9.14:
- #2996 Correctly strip the root path in the FilesModel and Dbafs classes (leofeyer)
- #2930 Add template properties to fragment proxy (aschempp)
- #2971 Do not render an empty custom navigation (patrickjDE)
- #2946 Fix the page context when generating RSS feeds (fritzmg)
- #2935 Fix the PageModel registry state (ausi)
- #2977 Fix external news targets not opening in a new window (fritzmg)
- #2989 Fix the favicon.ico route (fritzmg)
- #2967 Use the date formats from the page context for insert tags (fritzmg)
- #2894 Fix a normalize whitespace error in the DomCrawler (fritzmg)
- #2811 Add width/height attributes to the picture source (ausi)
- #2979 Fix a regression in the limit menu compilation (bezin)
- #2973 Backport the autocomplete changes (leofeyer)
- #2954 Do not start the session to check if a property exists (aschempp)
- #2957 Show zero values in the list view and DCA filters (fritzmg)
- #2878 Support "submitOnChange" in the FileTree widget (AlexejKossmann)
- #2965 Reset the bundle loader on kernel shutdown (aschempp)
- #2956 Show the values of unknown options (cliffparnitzky)
- #2948 Fix array to string conversion in the picker (ausi)
- #2945 Add the --migrations-only option to the migrate command (ausi)
- #2942 Do not count to check if there is a language file (aschempp)
- #2941 Remove the system log entry for 'no root page found' (fritzmg)
- #2933 Compile the limit menu after all other filter panels (bezin)
- #2906 Fix label callback for tree view in picker widget (rabauss)
- #2926 Use CSS to add the main headline separators (leofeyer)
- #2929 Fix compatibility with doctrine/dbal 2.13 (ausi)
- #2914 Reset invalid important part values in the version 4.8.0 migration (ausi)
- #2913 Fix the "runContextLength" migration when the previous migration has failed (fritzmg)
Contao 4.9.13 (2021-03-24)
Changelog of the fixed issues in Contao 4.9.13:
- #2905 Fix service tagging for url_callback + title_tag_callback (rabauss)
- #2901 Respect _target_path on logout if set (bytehead)
- #2884 Fix the version 4.8.0 migration (ausi)
- #2899 Fix error when using return => Array for models (fritzmg)
- #2893 Fix an "undefined index: filesize" error in the indexer (fritzmg)
- #2883 Return a 404 status code if an image file does not exist (ausi)
- #2887 Add the Cookiebot Cookie Consent cookie to the cookie deny list (MarkejN)
- #2885 Remove a redundant strip cookie regex (leofeyer)
- #2877 Fix the UNIX_TIMESTAMP function in MySQL 8 (leofeyer)
- #2875 Fix two CSS issues in the back end (leofeyer)
- #2876 Adjust the Google Analytics strip cookie regex (leofeyer)
- #2762 Fix loading database.sql files in the DcaExtractor (m-vo)
- #2780 Handle session being null in System::getReferer (m-vo)
- #2864 Use the image template everywhere (fritzmg)
- #2861 Fix table content element not showing zeros (fritzmg)
- #2854 Respect the label field order in the picker (bezin)
- #2837 Use eval.context in the picker if set (ausi)
- #2836 Initialize the Contao framework in the Version480Update class (leofeyer)
- #2838 Adjust the description of the YouTube "rel" option (leofeyer)
- #2827 Fix generating error pages by name (aschempp)
- #2829 Start the session to check for a user token (aschempp)
- #2815 Do not tag contao.db.tl_module. in articles (m-vo)
- #2831 Always sort root pages by language first (aschempp)
- #2674 Handle image URLs with a insert tag in the lightbox (fritzmg)
- #2799 Include table views in the listing module drop-down menu (fritzmg)
- #2689 Follow redirects in the failure method of the Request.Contao class (leofeyer)
- #2735 Handle non-regex values in the search filter (ausi)
- #2777 Ignore empty authorization headers in the MakeResponsePrivateListener (ausi)
- #2800 Fix the json+ld schema extraction (Toflar)
- #2819 Sort root page routes after other page routes (aschempp)
- #2779 Allow 0 as default value for range sliders (fritzmg)
Contao 4.9.12 (2021-02-16)
Changelog of the fixed issues in Contao 4.9.12:
- #2754 Fix the line-height of the main headline in the back end (leofeyer)
- #2755 Remove an unnecessary loadLanguageFile() call (leofeyer)
- #1909 Correctly handle custom default templates of fragments (fritzmg)
- #2721 Ignore custom templates in the back end (fritzmg)
- #2717 Use the chained router to find root pages (aschempp)
- #2747 Do not query for PIDs when building the breadcrumb of a File data container (ausi)
- #2737 Use the internal page title for the search index (Toflar)
- #2497 Re-use the tl_member.password field in ModuleCloseAccount (bennyborn)
- #2688 Fix a BC break in the AbstractFragmentController (leofeyer)
- #2683 Adjust the scheb/2fa-bundle integration (bytehead)
- #2685 Use the request attribute to determine preview mode (aschempp)
Contao 4.9.11 (2021-01-21)
Changelog of the fixed issues in Contao 4.9.11:
- #2667 Ignore Monolog log files when rotating log files (leofeyer)
- #2669 Use a listener to reset custom templates (aschempp)
- #2668 Fix empty value for boolean type (fritzmg)
- #2666 Reset the custom template if the element type changes (leofeyer)
- #2653 Fix the comments cache tagging (leofeyer)
- #2656 Correctly format the search query time (leofeyer)
- #2657 Fix the search query if there are no keywords (leofeyer)
- #2664 Use the 2fa/* subpackages instead of scheb/2fa (bytehead)
- #2659 Handle ID URLs in the combiner (leofeyer)
- #2658 Do not translate the analytics template names (leofeyer)
- #2655 Improve rendering long titles and file names (leofeyer)
- #2654 Always pass the DC object to the toggleFeatured() method (leofeyer)
- #2636 Use the correct User-Agent request header in Escargot (qzminski)
- #2614 Fix the file manager performance with large non-image files (fritzmg)
- #2628 Use the token checker instead of FE_USER_LOGGED_IN constant (fritzmg)
- #2609 Correctly validate min and max values in text fields (aschempp)
- #2591 Retrieve the PageModel from the current request (aschempp)
- #2617 Upgrade scheb/2fa to version 5 (PHP 8 compatibility) (bytehead)
- #2615 Fix the news link markup (fritzmg)
- #2602 Update the CONTRIBUTORS.md file (leofeyer)
- #2588 Do not use the SQL default for empty values (fritzmg)
- #2581 Use the Symfony InvalidArgumentException in commands (m-vo)
Contao 4.9.10 (2020-12-10)
Changelog of the fixed issues in Contao 4.9.10:
- #2551 Fix the cache tag invalidation (leofeyer)
- #2540 Correctly load the DCA labels (aschempp)
- #2550 Do not index preview URLs for searching (leofeyer)
- #2547 Fix the compatibility with scssphp 1.4 (ausi)
- #2545 Move migrations to the core bundle (ausi)
- #2527 Use a textarea for the image caption field (toflar)
- #2521 Do not try to generate fragments for generated fragments (aschempp)
- #2506 Handle the global page model in fragments (aschempp)
- #2535 Add compatibility with PHP 8 (leofeyer)
- #2534 Backport the doctrine-cache-bundle changes (leofeyer)
- #2528 Increase the undo period (toflar)
- #2522 Allow version 3 of toflar/psr6-symfony-http-cache-store (toflar)
- #2509 Add compatibility with terminal42/escargot 1.0 (ausi)
- #2480 Correctly assign the CSS class in the newsletter subscribe module (leofeyer)
- #2479 Correctly handle falsey values when decoding entities (leofeyer)
- #2474 Correctly apply the CSS classes in the content module (leofeyer)
- #2473 Add a Cache-Control header to the back end response (leofeyer)
- #2463 Remove the hard dependency on PDO (fritzmg)
- #2465 Fix routing issue with multiple domains and languages (aschempp)
- #2321 Allow version 2 of the Doctrine bundle (bytehead)
- #2433 Do not use all:unset with the preview toolbar (leofeyer)
Contao 4.9.9 (2020-10-20)
Changelog of the fixed issues in Contao 4.9.9:
- #2434 Correctly move root level pages to the top (leofeyer)
- #2430 Correctly generate the HTML module (leofeyer)
- #2417 Register globals in the fragments pass (aschempp)
- #2416 Remove the Content-Length header when modifying the response (aschempp)
Contao 4.9.8 (2020-10-07)
Changelog of the fixed issues in Contao 4.9.8:
- #2403 Resolve private services in the ContaoCoreExtensionTest class (leofeyer)
- #2399 Remove the last username from the session after use (ausi)
- #2363 Reset the KEY_BLOCK_SIZE when migrating the MySQL engine and row format (aschempp)
- #2388 Ignore the logout URL if no user is present (fritzmg)
- #2376 Add a title tag callback to the SERP preview (leofeyer)
- #2361 Prevent using page aliases that could be page IDs (leofeyer)
- #2380 Fix the popup button padding (leofeyer)
- #2373 Use $this->imageHref in the image.html5 template (leofeyer)
- #2339 Optimize the check for inlined services (aschempp)
- #2366 Harden non-normalized file extension comparisons in the LegacyResizer (m-vo)
- #2369 Correctly check for numeric page IDs (aschempp)
- #2351 Override the size variable for the ce_player template (fritzmg)
- #2362 Correctly handle IDNA hostnames in the root page (leofeyer)
- #2345 Support legacy console scripts in the initialize.php (aschempp)
Contao 4.9.7 (2020-09-25)
Changelog of the fixed issues in Contao 4.9.7:
- #2342 Fix entering 0 in the back end (leofeyer)
- #2343 Only use $dc->id in the protectFolder() method (leofeyer)
Contao 4.9.6 (2020-09-24)
Security vulnerability CVE-2020-25768 closed:
Insert tag injection in forms
Changelog of the fixed issues in Contao 4.9.6:
- #2148 Add support for HTTP cache subscribers (aschempp)
- #2313 Fix the resize options priority in the PictureFactory class (m-vo)
- #2320 Do not prolong unconfirmed opt-in tokens (leofeyer)
- #2300 Do not use the default player size (fritzmg)
- #2290 Fix warnings and deprecations when running unit tests (ausi)
- #2294 Stop using == '' with regard to PHP 8 (leofeyer)
- #2252 Do not change the CSRF token cookie if the response is not successful (fritzmg)
- #2281 Update dependecies for PHP 8.0 compatibility (ausi)
- #2264 Do not try to index a page if the search indexer is disabled (aschempp)
- #2260 Do not use floorToMinute() in the PageModel::loadDetails() method (leofeyer)
- #2257 Only use floorToMinute() in DB queries (leofeyer)
- #2249 Return early in the Search::indexPage() method if nothing has changed (leofeyer)
- #2248 Fix a type error in the back end menu listener (leofeyer)
- #2244 Do not log 503 exceptions (fritzmg)
- #2221 Use a temporary status code to redirect to the language root (leofeyer)
- #2220 Simplify the tl_content header fields (leofeyer)
- #2219 Only update the comment notification URL in the front end (leofeyer)
- #2206 Use the scope matcher if an element renders differently in BE and FE (leofeyer)
- #2204 Only check the request token for master requests (fritzmg)
- #2208 Always load DotEnv files if they exist (leofeyer)
- #2200 Load the default labels in the loadDcaFiles() method (fritzmg)
- #2182 Catch exceptions to prevent the resize images command from failing (ausi)
- #2181 Add the assets URL to non-combined files (ausi)
- #2155 Support captcha input wrapped in DIV (aschempp)
- #2153 Use the class name as cache key in System::import() (leofeyer)
- #2120 Support multiple fragments on the same controller (aschempp)
- #2150 Fix the checkbox height on mobile devices (leofeyer)
Contao 4.9.5 (2020-08-10)
Changelog of the fixed issues in Contao 4.9.5:
- #2139 Also invalidate the ptable cache tags in the DC_Table class (leofeyer)
- #2103 $this->ptable not available in the DataContainer class (leofeyer)
- #2122 Remove the Contao-Merge-Cache-Control header in the master request (leofeyer)
- #2121 Correctly show the default text form field template (leofeyer)
- #2118 Make cookies secure if the request is secure (leofeyer)
- #2115 Do not add empty CSS classes to the template (fritzmg)
- #2097 Use HTTP status code 303 instead of 307 for redirects (leofeyer)
- #2028 Allow new major versions of two third-party packages (leofeyer)
- #2074 Fix the order of the CSRF and the private response listener (ausi)
- #2091 Check if the username has been submitted in the registration module (leofeyer)
- #2087 Show the picker menu even if there is only one tab (leofeyer)
- #2088 Increase the z-index of the top menu overlay (leofeyer)
- #2086 Also indicate default templates in the custom template menu (leofeyer)
- #2089 Use the input event instead of the keyup event in the preview toolbar (m-vo)
- #2083 Update the Matomo tracking code (leofeyer)
- #2085 Fix the tl_user_group.stop help text (leofeyer)
- #2081 Correctly generate the news/events preview URL in multi-domain mode (leofeyer)
- #2077 Correctly show the front end preview bar for non-admin users (leofeyer)
- #2078 Always render the "go to front end" link without preview fragment (leofeyer)
- #2050 Harden the table options lookup in the Installer class (m-vo)
- #2066 Correctly handle empty manager config files (aschempp)
- #619 Fix a potential error if the URL has a percentage in it (qzminski)
- #2055 Change the JSON-LD type "RegularPage" to "Page" (ausi)
- #2057 Set the singleSRC flag for the Youtube/Vimeo splash screen (m-vo)
- #2056 Use expectExceptionMessage() for non-deprecations (ausi)
- #1486 Fix a memory leak in the resize images command (ausi)
- #2040 Remove redundant comments (toflar)
- #2039 Add the missing cache invalidations (toflar)
- #2032 Do not reorder existing DROP INDEX queries to the end (ausi)
- #1982 Add debugging information to the MakeResponsePrivateListener (toflar)
- #2007 Require at least jQuery 3.5 (leofeyer)
- #2005 Fix the textarea height (leofeyer)
- #1991 Fix warning in SearchIndexSubscriberTest (fritzmg)
- #1988 Update terminal42/service-annotation-bundle (aschempp)
- #1978 Reset the preview toolbar styles (aschempp)
- #1966 Do not run migration if tl_image_size table is missing (aschempp)
- #1967 Allow ResourceFinder in autowiring (aschempp)
- #1952 Add the missing ContentModel annotations (fritzmg)
- #1950 Remove two left-over requirements (leofeyer)
- #1943 Revert 'Remove symfony/monolog-bundle dependency from functional tests' (leofeyer)
- #1942 Fix a wrong return value in the back end locale listener test (leofeyer)
- #1932 Improve the error message for unsupported image formats (ausi)
Contao 4.9.4 (2020-07-09)
Changelog of the fixed issues in Contao 4.9.4:
- #1920 Fix the toggle visibility checks (leofeyer)
- #1894 Revert the $rootDir changes in the ContaoModuleBundle class (leofeyer)
- #1919 Revert the alphabetical sorting of the back end menu (leofeyer)
- #1903 Load the security bundle after the framework bundle (baumannsven)
- #1667 Add SCSS source maps in debug mode (denniserdmann)
- #1914 Remove the symfony/monolog-bundle dependency from functional tests (bytehead)
- #1908 Rename Piwik to Matomo and updated the tracking code (rabauss)
- #1865 Store the crawl logs in a unique subfolder per installation (bohnmedia)
- #1892 Fix the visibility of the EnvironmentTest::$projectDir property (leofeyer)
- #1891 Rename all occurrences of rootDir to projectDir (aschempp)
- #1754 Allow forcing a password change upon login in the contao:user:password command (m-vo)
- #1762 Remove the redirect status type from 401 and 403 pages (fritzmg)
- #1871 Reduce the file queries by preloading image models (toflar)
- #1883 Enable framework.assets by default in Managed Edition (fritzmg)
- #1880 Let the user disable 2FA if it is enforced (bytehead)
- #1886 Increase the margin for TinyMCE fields (fritzmg)
- #1879 Fix the back end layout yet again (fritzmg)
- #1877 Fix the widget headline and help wizard alignment (leofeyer)
- #1875 Fix the search field height in the back end (leofeyer)
- #1844 Lazy-load commands (aschempp)
- #1823 Fix back end layout problems in various browsers (fritzmg)
- #1815 Show error 500 for unsupported image types (ausi)
- #1843 Added Tideways profiler cookie to the cookie deny list (toflar)
- #1840 Improve the legacy class import performance (toflar)
- #1839 Improve the performance of the file manager (toflar)
- #1828 Correctly fix the mailer transport (fritzmg)
- #1827 Add compatibility with imagine-svg 1.0 (ausi)
- #1817 Ignore minlength/maxlength/minval/maxval in hidden fields (qzminski)
- #1763 Add the Osano Cookie Consent cookie to the cookie deny list (mynyx)
- #1771 Replace "visitors" with "members" in the 2FA explanation (mynyx)
- #1774 Fix addImageToTemplate with fullsize (fritzmg)
- #1788 Fix Escargot 0.6 compat and skip broken link checker (toflar)
- #1583 Hide the crawler in maintenance mode (leofeyer)
- #1776 Correctly redirect to the preferred language if there is no index alias (aschempp)
- #1790 Ignore the Litespeed HTTP2 Smart Push cookie (toflar)
- #1761 Use the createResult() method in CeAccessMigration (fritzmg)
Contao 4.9.3 (2021-05-14)
Changelog of the fixed issues in Contao 4.9.3:
- #1745 Replace ocramius/package-versions with composer/package-versions-deprecated (leofeyer)
- #1742 Fix notices for empty database result sets (ausi)
- #1743 Correctly check for duplicate input parameters (aschempp)
- #1740 Rename "security question" to "spam protection" (leofeyer)
- #1699 Ignore minval/maxval in checkbox/radio/select fields (aschempp)
- #1738 Re-add the page ID to the JSON-LD context (leofeyer)
- #1729 Always show the default template in the drop-down menu (leofeyer)
- #1701 Improve the deprecation message of the AbstractLockedCommand (blog404de)
- #1733 Fix the indentation in the event_list.html5 template (leofeyer)
- #1732 Redirect if a news/event has an external target and is called via the default URL (leofeyer)
- #1727 Move the metadata fields back up in the news/events module (leofeyer)
- #1715 Re-add the redirect in the BackendUser::authenticate() method (leofeyer)
- #1712 Remove the broken storeFrontendReferer() method (leofeyer)
- #1711 Fix fixed position of toolbar elements (fritzmg)
- #1651 Execute schema diff queries in the correct order (ausi)
- #1694 Handle invalid language codes in the meta wizard (leofeyer)
- #1692 Skip the preview redirect if the preview script is not set (leofeyer)
- #1691 Add the translation domain in the installation controller (leofeyer)
- #1625 Fix the wrong CSRF token storage being wired (toflar)
- #1628 Adjust the FrontendController::checkCookiesAction() comment (mynyx)
- #1638 Correctly check if the search panel is active (dmolineus)
- #1658 Add the Contao Manager cookie to the cookie deny list (mynyx)
- #1663 Fix the playerAspect default value (fritzmg)
- #1668 Fix running the broken link checker (richardhj)
- #1670 Fix the search indexer page detection (qzminski)
- #1673 Do not update the search index if contao itself is crawling (toflar)
- #1642 Fix the tl_maintenance_jobs.crawl_queue explanation (mynyx)
- #1640 Return the request argument if it has the correct type (aschempp)
- #1634 Verify TOTP with a window of 1 for better UX (toflar)
- #1623 Also add z-index to the .cto-toolbar__open element (leofeyer)
- #1590 Change how to count records in RobotsTxtListener (fritzmg)
Contao 4.9.2 (2020-04-02)
Changelog of the fixed issues in Contao 4.9.2:
- #1615 Add additional Google Analytics cookies to the cookie deny list (mynyx)
- #1614 Fix a comment in the MakeResponsePrivateListener class (mynyx)
- #1613 Fix the Contao toolbar labels (leofeyer)
- #1612 Ensure that the login icons are always visible in Firefox (leofeyer)
- #1608 Increase the split button breakpoint (leofeyer)
- #1600 Correctly filter subscriber specific crawl logs (toflar)
- #1599 Fixed broken URIs not being reported as error in search index subscriber (toflar)
- #1598 Hide the metadata fields if a news/event points to an external source (leofeyer)
- #1549 Dynamically configure the TokenChecker service (bytehead)
- #1592 Fix the picker in the meta wizard (leofeyer)
- #1596 Handle the "toggle nodes" command in the main back end method (leofeyer)
- #1597 Correctly check whether a group is allowed to import themes (leofeyer)
- #1542 Keep the sorting of the selected IDs for actions (rabauss)
- #1595 Use the correct page title on the back end dashboard page (leofeyer)
- #1593 Re-add the "edit meta" label in the news and calendar bundles (leofeyer)
- #1591 Show all files in the template editor (leofeyer)
- #1579 Fix the preview bar alignment (leofeyer)
- #1586 Correctly check for loaded languages when adding the default labels (leofeyer)
- #1584 Show "-" if the device family is "Other" (leofeyer)
- #1582 Remove the default preview bar datalist option (leofeyer)
- #1581 Disable the "switch user" button if it would impersonate the original user (leofeyer)
- #1580 Fix the tl_content.listtype DCA definition (leofeyer)
- #1554 Send the correct content type for SVG favicons (toflar)
- #1551 Allow SVG images in favicons (toflar)
- #1541 Show label instead of ID in the picker widget (ausi)
- #1525 Remove string type hint as there can be an array value (bytehead)
- #1182 Allow clearing the model registry (m-vo)
- #1534 Port the 'handle URL suffix when redirecting page IDs' changes (leofeyer)
- #1533 Correctly sort if both root pages are fallback (aschempp)
- #1532 Fixed some Piwik/Matomo cookie regex (aschempp)
- #1520 Optimize MSC.twoFactorBackupCodesExplain (mynyx)
- #1513 Fix a "toggle element" permission check (rabauss)
- #1493 Adjust the JSON-LD data in the default indexer test (leofeyer)
- #1475 Register custom types in functional tests (aschempp)
- #1437 Translate the "show preview toolbar" title (richardhj)
- #1457 Use a context prefix in the JSON-LD schema (ausi)
- #1455 Do not expose the page ID in the JSON-LD context (toflar)
- #1450 Use the native font stack in the layout.html.twig template (fritzmg)
- #1439 Fix missing image sizes with numeric theme names (ausi)
- #1444 Make sure log messages are in proper CSV format (toflar)
- #1445 Retry failed schema diff migrations (ausi)
- #1453 Fix the input length of the alias fields (aschempp)
Contao 4.9.1 (2020-02-27)
Changelog of the fixed issues in Contao 4.9.1:
- #1423 Revert the document.write() changes (leofeyer)
- #1420 Handle the "no JSON-LD found" case separately from the "noSearch" case (leofeyer)
- #1421 Update the composer run documentation in the README.md file (leofeyer)
- #1411 Skip orphan pages in the route provider (aschempp)
- #1419 Always append the current URL on redirect (aschempp)
- #1416 Correctly check if a folder has been renamed (leofeyer)
- #1417 Fix uploading files into mounted folders for regular users (leofeyer)
- #1418 Add a better DNS check in the site structure (leofeyer)
- #1413 Correctly calculate the crawler progress (leofeyer)
- #1396 Do not show the current URI in the progress bar title when crawling (toflar)
- #1385 Warn if the crawler runs without a domain name (toflar)
- #1369 Clear the dev cache in the script handler (toflar)
- #1370 Make sure the subdirectory in the tmp folder exists (toflar)
- #1377 Fix the getAttributesFromDca() type hint (leofeyer)
- #1376 Adjust the login screen again (leofeyer)
- #1375 Simulate active state of the debug button in debug mode (leofeyer)
- #1374 Show the correct help text for the 2FA verification field (leofeyer)
- #1373 Fix the Ajax visibility toggle in the site structure (leofeyer)
- #1372 Correctly save new template folders (leofeyer)
- #1359 Fix the PictureFactoryInterface::create() type hint (bytehead)
- #1364 Fix the login screen CSS (leofeyer)
- #1354 Hide the 2FA fields in the back end info modal (bytehead)
Contao 4.9.0 (2020-02-18)
Changelog of the fixed issues in Contao 4.9.0:
- #1348 Correctly align the wizard icon (leofeyer)
- #1336 Make the contao.search.indexer service public (leofeyer)
- #1250 Use a custom schema for the search indexing metadata (toflar)
- #1335 Correctly highlight phrases in the search results (leofeyer)
- #1323 Adjust the SERP widget to the Google search results (leofeyer)
- #1299 Fix several trusted device issues (bytehead)
- #1327 Fix rendering the picker preview (leofeyer)
- #1324 Sort the back end menu items alphabetically by label (leofeyer)
- #1322 Clear trusted devices when disabling 2FA (bytehead)
- #1320 Replace "recovery codes" with "backup codes" (leofeyer)
- #1295 Handle removed search indexers (toflar)