
About Contao 4.9 LTS
The first stable version of Contao 4.9 was released on February 18, 2020, replacing Contao 4.4 as the long term support version. As an LTS version, 4.9 will be provided with bug fixes until February 14, 2023 and security-related updates until February 14, 2024. Contao 4.13 will be the next LTS version of Contao and will be released in February 2022, ensuring a stress-free transition.
Changelog Contao 4.9
Contao 4.9.13 (2021-03-24)
Fixed issues in Contao 4.9.13:
- #2905 Fix service tagging for url_callback + title_tag_callback (rabauss)
- #2901 Respect _target_path on logout if set (bytehead)
- #2884 Fix the version 4.8.0 migration (ausi)
- #2899 Fix error when using return => Array for models (fritzmg)
- #2893 Fix an "undefined index: filesize" error in the indexer (fritzmg)
- #2883 Return a 404 status code if an image file does not exist (ausi)
- #2887 Add the Cookiebot Cookie Consent cookie to the cookie deny list (MarkejN)
- #2885 Remove a redundant strip cookie regex (leofeyer)
- #2877 Fix the UNIX_TIMESTAMP function in MySQL 8 (leofeyer)
- #2875 Fix two CSS issues in the back end (leofeyer)
- #2876 Adjust the Google Analytics strip cookie regex (leofeyer)
- #2762 Fix loading database.sql files in the DcaExtractor (m-vo)
- #2780 Handle session being null in System::getReferer (m-vo)
- #2864 Use the image template everywhere (fritzmg)
- #2861 Fix table content element not showing zeros (fritzmg)
- #2854 Respect the label field order in the picker (bezin)
- #2837 Use eval.context in the picker if set (ausi)
- #2836 Initialize the Contao framework in the Version480Update class (leofeyer)
- #2838 Adjust the description of the YouTube "rel" option (leofeyer)
- #2827 Fix generating error pages by name (aschempp)
- #2829 Start the session to check for a user token (aschempp)
- #2815 Do not tag contao.db.tl_module. in articles (m-vo)
- #2831 Always sort root pages by language first (aschempp)
- #2674 Handle image URLs with a insert tag in the lightbox (fritzmg)
- #2799 Include table views in the listing module drop-down menu (fritzmg)
- #2689 Follow redirects in the failure method of the Request.Contao class (leofeyer)
- #2735 Handle non-regex values in the search filter (ausi)
- #2777 Ignore empty authorization headers in the MakeResponsePrivateListener (ausi)
- #2800 Fix the json+ld schema extraction (Toflar)
- #2819 Sort root page routes after other page routes (aschempp)
- #2779 Allow 0 as default value for range sliders (fritzmg)
Contao 4.9.12 (2021-02-16)
Fixed issues in Contao 4.9.12:
- #2754 Fix the line-height of the main headline in the back end (leofeyer)
- #2755 Remove an unnecessary loadLanguageFile() call (leofeyer)
- #1909 Correctly handle custom default templates of fragments (fritzmg)
- #2721 Ignore custom templates in the back end (fritzmg)
- #2717 Use the chained router to find root pages (aschempp)
- #2747 Do not query for PIDs when building the breadcrumb of a File data container (ausi)
- #2737 Use the internal page title for the search index (Toflar)
- #2497 Re-use the tl_member.password field in ModuleCloseAccount (bennyborn)
- #2688 Fix a BC break in the AbstractFragmentController (leofeyer)
- #2683 Adjust the scheb/2fa-bundle integration (bytehead)
- #2685 Use the request attribute to determine preview mode (aschempp)
Contao 4.9.11 (2021-01-21)
Fixed issues in Contao 4.9.11:
- #2667 Ignore Monolog log files when rotating log files (leofeyer)
- #2669 Use a listener to reset custom templates (aschempp)
- #2668 Fix empty value for boolean type (fritzmg)
- #2666 Reset the custom template if the element type changes (leofeyer)
- #2653 Fix the comments cache tagging (leofeyer)
- #2656 Correctly format the search query time (leofeyer)
- #2657 Fix the search query if there are no keywords (leofeyer)
- #2664 Use the 2fa/* subpackages instead of scheb/2fa (bytehead)
- #2659 Handle ID URLs in the combiner (leofeyer)
- #2658 Do not translate the analytics template names (leofeyer)
- #2655 Improve rendering long titles and file names (leofeyer)
- #2654 Always pass the DC object to the toggleFeatured() method (leofeyer)
- #2636 Use the correct User-Agent request header in Escargot (qzminski)
- #2614 Fix the file manager performance with large non-image files (fritzmg)
- #2628 Use the token checker instead of FE_USER_LOGGED_IN constant (fritzmg)
- #2609 Correctly validate min and max values in text fields (aschempp)
- #2591 Retrieve the PageModel from the current request (aschempp)
- #2617 Upgrade scheb/2fa to version 5 (PHP 8 compatibility) (bytehead)
- #2615 Fix the news link markup (fritzmg)
- #2602 Update the CONTRIBUTORS.md file (leofeyer)
- #2588 Do not use the SQL default for empty values (fritzmg)
- #2581 Use the Symfony InvalidArgumentException in commands (m-vo)
Contao 4.9.10 (2020-12-10)
Fixed issues in Contao 4.9.10:
- #2551 Fix the cache tag invalidation (leofeyer)
- #2540 Correctly load the DCA labels (aschempp)
- #2550 Do not index preview URLs for searching (leofeyer)
- #2547 Fix the compatibility with scssphp 1.4 (ausi)
- #2545 Move migrations to the core bundle (ausi)
- #2527 Use a textarea for the image caption field (toflar)
- #2521 Do not try to generate fragments for generated fragments (aschempp)
- #2506 Handle the global page model in fragments (aschempp)
- #2535 Add compatibility with PHP 8 (leofeyer)
- #2534 Backport the doctrine-cache-bundle changes (leofeyer)
- #2528 Increase the undo period (toflar)
- #2522 Allow version 3 of toflar/psr6-symfony-http-cache-store (toflar)
- #2509 Add compatibility with terminal42/escargot 1.0 (ausi)
- #2480 Correctly assign the CSS class in the newsletter subscribe module (leofeyer)
- #2479 Correctly handle falsey values when decoding entities (leofeyer)
- #2474 Correctly apply the CSS classes in the content module (leofeyer)
- #2473 Add a Cache-Control header to the back end response (leofeyer)
- #2463 Remove the hard dependency on PDO (fritzmg)
- #2465 Fix routing issue with multiple domains and languages (aschempp)
- #2321 Allow version 2 of the Doctrine bundle (bytehead)
- #2433 Do not use all:unset with the preview toolbar (leofeyer)
Contao 4.9.9 (2020-10-20)
Fixed issues in Contao 4.9.9:
- #2434 Correctly move root level pages to the top (leofeyer)
- #2430 Correctly generate the HTML module (leofeyer)
- #2417 Register globals in the fragments pass (aschempp)
- #2416 Remove the Content-Length header when modifying the response (aschempp)
Contao 4.9.8 (2020-10-07)
Fixed issues in Contao 4.9.8:
- #2403 Resolve private services in the ContaoCoreExtensionTest class (leofeyer)
- #2399 Remove the last username from the session after use (ausi)
- #2363 Reset the KEY_BLOCK_SIZE when migrating the MySQL engine and row format (aschempp)
- #2388 Ignore the logout URL if no user is present (fritzmg)
- #2376 Add a title tag callback to the SERP preview (leofeyer)
- #2361 Prevent using page aliases that could be page IDs (leofeyer)
- #2380 Fix the popup button padding (leofeyer)
- #2373 Use $this->imageHref in the image.html5 template (leofeyer)
- #2339 Optimize the check for inlined services (aschempp)
- #2366 Harden non-normalized file extension comparisons in the LegacyResizer (m-vo)
- #2369 Correctly check for numeric page IDs (aschempp)
- #2351 Override the size variable for the ce_player template (fritzmg)
- #2362 Correctly handle IDNA hostnames in the root page (leofeyer)
- #2345 Support legacy console scripts in the initialize.php (aschempp)
Contao 4.9.7 (2020-09-25)
Fixed issues in Contao 4.9.7:
- #2342 Fix entering 0 in the back end (leofeyer)
- #2343 Only use $dc->id in the protectFolder() method (leofeyer)
Contao 4.9.6 (2020-09-24)
Security vulnerability CVE-2020-25768 closed:
Insert tag injection in forms
Fixed issues in Contao 4.9.6:
- #2148 Add support for HTTP cache subscribers (aschempp)
- #2313 Fix the resize options priority in the PictureFactory class (m-vo)
- #2320 Do not prolong unconfirmed opt-in tokens (leofeyer)
- #2300 Do not use the default player size (fritzmg)
- #2290 Fix warnings and deprecations when running unit tests (ausi)
- #2294 Stop using == '' with regard to PHP 8 (leofeyer)
- #2252 Do not change the CSRF token cookie if the response is not successful (fritzmg)
- #2281 Update dependecies for PHP 8.0 compatibility (ausi)
- #2264 Do not try to index a page if the search indexer is disabled (aschempp)
- #2260 Do not use floorToMinute() in the PageModel::loadDetails() method (leofeyer)
- #2257 Only use floorToMinute() in DB queries (leofeyer)
- #2249 Return early in the Search::indexPage() method if nothing has changed (leofeyer)
- #2248 Fix a type error in the back end menu listener (leofeyer)
- #2244 Do not log 503 exceptions (fritzmg)
- #2221 Use a temporary status code to redirect to the language root (leofeyer)
- #2220 Simplify the tl_content header fields (leofeyer)
- #2219 Only update the comment notification URL in the front end (leofeyer)
- #2206 Use the scope matcher if an element renders differently in BE and FE (leofeyer)
- #2204 Only check the request token for master requests (fritzmg)
- #2208 Always load DotEnv files if they exist (leofeyer)
- #2200 Load the default labels in the loadDcaFiles() method (fritzmg)
- #2182 Catch exceptions to prevent the resize images command from failing (ausi)
- #2181 Add the assets URL to non-combined files (ausi)
- #2155 Support captcha input wrapped in DIV (aschempp)
- #2153 Use the class name as cache key in System::import() (leofeyer)
- #2120 Support multiple fragments on the same controller (aschempp)
- #2150 Fix the checkbox height on mobile devices (leofeyer)
Contao 4.9.5 (2020-08-10)
Fixed issues in Contao 4.9.5:
- #2139 Also invalidate the ptable cache tags in the DC_Table class (leofeyer)
- #2103 $this->ptable not available in the DataContainer class (leofeyer)
- #2122 Remove the Contao-Merge-Cache-Control header in the master request (leofeyer)
- #2121 Correctly show the default text form field template (leofeyer)
- #2118 Make cookies secure if the request is secure (leofeyer)
- #2115 Do not add empty CSS classes to the template (fritzmg)
- #2097 Use HTTP status code 303 instead of 307 for redirects (leofeyer)
- #2028 Allow new major versions of two third-party packages (leofeyer)
- #2074 Fix the order of the CSRF and the private response listener (ausi)
- #2091 Check if the username has been submitted in the registration module (leofeyer)
- #2087 Show the picker menu even if there is only one tab (leofeyer)
- #2088 Increase the z-index of the top menu overlay (leofeyer)
- #2086 Also indicate default templates in the custom template menu (leofeyer)
- #2089 Use the input event instead of the keyup event in the preview toolbar (m-vo)
- #2083 Update the Matomo tracking code (leofeyer)
- #2085 Fix the tl_user_group.stop help text (leofeyer)
- #2081 Correctly generate the news/events preview URL in multi-domain mode (leofeyer)
- #2077 Correctly show the front end preview bar for non-admin users (leofeyer)
- #2078 Always render the "go to front end" link without preview fragment (leofeyer)
- #2050 Harden the table options lookup in the Installer class (m-vo)
- #2066 Correctly handle empty manager config files (aschempp)
- #619 Fix a potential error if the URL has a percentage in it (qzminski)
- #2055 Change the JSON-LD type "RegularPage" to "Page" (ausi)
- #2057 Set the singleSRC flag for the Youtube/Vimeo splash screen (m-vo)
- #2056 Use expectExceptionMessage() for non-deprecations (ausi)
- #1486 Fix a memory leak in the resize images command (ausi)
- #2040 Remove redundant comments (toflar)
- #2039 Add the missing cache invalidations (toflar)
- #2032 Do not reorder existing DROP INDEX queries to the end (ausi)
- #1982 Add debugging information to the MakeResponsePrivateListener (toflar)
- #2007 Require at least jQuery 3.5 (leofeyer)
- #2005 Fix the textarea height (leofeyer)
- #1991 Fix warning in SearchIndexSubscriberTest (fritzmg)
- #1988 Update terminal42/service-annotation-bundle (aschempp)
- #1978 Reset the preview toolbar styles (aschempp)
- #1966 Do not run migration if tl_image_size table is missing (aschempp)
- #1967 Allow ResourceFinder in autowiring (aschempp)
- #1952 Add the missing ContentModel annotations (fritzmg)
- #1950 Remove two left-over requirements (leofeyer)
- #1943 Revert 'Remove symfony/monolog-bundle dependency from functional tests' (leofeyer)
- #1942 Fix a wrong return value in the back end locale listener test (leofeyer)
- #1932 Improve the error message for unsupported image formats (ausi)
Contao 4.9.4 (2020-07-09)
Fixed issues in Contao 4.9.4:
- #1920 Fix the toggle visibility checks (leofeyer)
- #1894 Revert the $rootDir changes in the ContaoModuleBundle class (leofeyer)
- #1919 Revert the alphabetical sorting of the back end menu (leofeyer)
- #1903 Load the security bundle after the framework bundle (baumannsven)
- #1667 Add SCSS source maps in debug mode (denniserdmann)
- #1914 Remove the symfony/monolog-bundle dependency from functional tests (bytehead)
- #1908 Rename Piwik to Matomo and updated the tracking code (rabauss)
- #1865 Store the crawl logs in a unique subfolder per installation (bohnmedia)
- #1892 Fix the visibility of the EnvironmentTest::$projectDir property (leofeyer)
- #1891 Rename all occurrences of rootDir to projectDir (aschempp)
- #1754 Allow forcing a password change upon login in the contao:user:password command (m-vo)
- #1762 Remove the redirect status type from 401 and 403 pages (fritzmg)
- #1871 Reduce the file queries by preloading image models (toflar)
- #1883 Enable framework.assets by default in Managed Edition (fritzmg)
- #1880 Let the user disable 2FA if it is enforced (bytehead)
- #1886 Increase the margin for TinyMCE fields (fritzmg)
- #1879 Fix the back end layout yet again (fritzmg)
- #1877 Fix the widget headline and help wizard alignment (leofeyer)
- #1875 Fix the search field height in the back end (leofeyer)
- #1844 Lazy-load commands (aschempp)
- #1823 Fix back end layout problems in various browsers (fritzmg)
- #1815 Show error 500 for unsupported image types (ausi)
- #1843 Added Tideways profiler cookie to the cookie deny list (toflar)
- #1840 Improve the legacy class import performance (toflar)
- #1839 Improve the performance of the file manager (toflar)
- #1828 Correctly fix the mailer transport (fritzmg)
- #1827 Add compatibility with imagine-svg 1.0 (ausi)
- #1817 Ignore minlength/maxlength/minval/maxval in hidden fields (qzminski)
- #1763 Add the Osano Cookie Consent cookie to the cookie deny list (mynyx)
- #1771 Replace "visitors" with "members" in the 2FA explanation (mynyx)
- #1774 Fix addImageToTemplate with fullsize (fritzmg)
- #1788 Fix Escargot 0.6 compat and skip broken link checker (toflar)
- #1583 Hide the crawler in maintenance mode (leofeyer)
- #1776 Correctly redirect to the preferred language if there is no index alias (aschempp)
- #1790 Ignore the Litespeed HTTP2 Smart Push cookie (toflar)
- #1761 Use the createResult() method in CeAccessMigration (fritzmg)
Contao 4.9.3 (2021-05-14)
Fixed issues in Contao 4.9.3:
- #1745 Replace ocramius/package-versions with composer/package-versions-deprecated (leofeyer)
- #1742 Fix notices for empty database result sets (ausi)
- #1743 Correctly check for duplicate input parameters (aschempp)
- #1740 Rename "security question" to "spam protection" (leofeyer)
- #1699 Ignore minval/maxval in checkbox/radio/select fields (aschempp)
- #1738 Re-add the page ID to the JSON-LD context (leofeyer)
- #1729 Always show the default template in the drop-down menu (leofeyer)
- #1701 Improve the deprecation message of the AbstractLockedCommand (blog404de)
- #1733 Fix the indentation in the event_list.html5 template (leofeyer)
- #1732 Redirect if a news/event has an external target and is called via the default URL (leofeyer)
- #1727 Move the metadata fields back up in the news/events module (leofeyer)
- #1715 Re-add the redirect in the BackendUser::authenticate() method (leofeyer)
- #1712 Remove the broken storeFrontendReferer() method (leofeyer)
- #1711 Fix fixed position of toolbar elements (fritzmg)
- #1651 Execute schema diff queries in the correct order (ausi)
- #1694 Handle invalid language codes in the meta wizard (leofeyer)
- #1692 Skip the preview redirect if the preview script is not set (leofeyer)
- #1691 Add the translation domain in the installation controller (leofeyer)
- #1625 Fix the wrong CSRF token storage being wired (toflar)
- #1628 Adjust the FrontendController::checkCookiesAction() comment (mynyx)
- #1638 Correctly check if the search panel is active (dmolineus)
- #1658 Add the Contao Manager cookie to the cookie deny list (mynyx)
- #1663 Fix the playerAspect default value (fritzmg)
- #1668 Fix running the broken link checker (richardhj)
- #1670 Fix the search indexer page detection (qzminski)
- #1673 Do not update the search index if contao itself is crawling (toflar)
- #1642 Fix the tl_maintenance_jobs.crawl_queue explanation (mynyx)
- #1640 Return the request argument if it has the correct type (aschempp)
- #1634 Verify TOTP with a window of 1 for better UX (toflar)
- #1623 Also add z-index to the .cto-toolbar__open element (leofeyer)
- #1590 Change how to count records in RobotsTxtListener (fritzmg)
Contao 4.9.2 (2020-04-02)
Fixed issues in Contao 4.9.2:
- #1615 Add additional Google Analytics cookies to the cookie deny list (mynyx)
- #1614 Fix a comment in the MakeResponsePrivateListener class (mynyx)
- #1613 Fix the Contao toolbar labels (leofeyer)
- #1612 Ensure that the login icons are always visible in Firefox (leofeyer)
- #1608 Increase the split button breakpoint (leofeyer)
- #1600 Correctly filter subscriber specific crawl logs (toflar)
- #1599 Fixed broken URIs not being reported as error in search index subscriber (toflar)
- #1598 Hide the metadata fields if a news/event points to an external source (leofeyer)
- #1549 Dynamically configure the TokenChecker service (bytehead)
- #1592 Fix the picker in the meta wizard (leofeyer)
- #1596 Handle the "toggle nodes" command in the main back end method (leofeyer)
- #1597 Correctly check whether a group is allowed to import themes (leofeyer)
- #1542 Keep the sorting of the selected IDs for actions (rabauss)
- #1595 Use the correct page title on the back end dashboard page (leofeyer)
- #1593 Re-add the "edit meta" label in the news and calendar bundles (leofeyer)
- #1591 Show all files in the template editor (leofeyer)
- #1579 Fix the preview bar alignment (leofeyer)
- #1586 Correctly check for loaded languages when adding the default labels (leofeyer)
- #1584 Show "-" if the device family is "Other" (leofeyer)
- #1582 Remove the default preview bar datalist option (leofeyer)
- #1581 Disable the "switch user" button if it would impersonate the original user (leofeyer)
- #1580 Fix the tl_content.listtype DCA definition (leofeyer)
- #1554 Send the correct content type for SVG favicons (toflar)
- #1551 Allow SVG images in favicons (toflar)
- #1541 Show label instead of ID in the picker widget (ausi)
- #1525 Remove string type hint as there can be an array value (bytehead)
- #1182 Allow clearing the model registry (m-vo)
- #1534 Port the 'handle URL suffix when redirecting page IDs' changes (leofeyer)
- #1533 Correctly sort if both root pages are fallback (aschempp)
- #1532 Fixed some Piwik/Matomo cookie regex (aschempp)
- #1520 Optimize MSC.twoFactorBackupCodesExplain (mynyx)
- #1513 Fix a "toggle element" permission check (rabauss)
- #1493 Adjust the JSON-LD data in the default indexer test (leofeyer)
- #1475 Register custom types in functional tests (aschempp)
- #1437 Translate the "show preview toolbar" title (richardhj)
- #1457 Use a context prefix in the JSON-LD schema (ausi)
- #1455 Do not expose the page ID in the JSON-LD context (toflar)
- #1450 Use the native font stack in the layout.html.twig template (fritzmg)
- #1439 Fix missing image sizes with numeric theme names (ausi)
- #1444 Make sure log messages are in proper CSV format (toflar)
- #1445 Retry failed schema diff migrations (ausi)
- #1453 Fix the input length of the alias fields (aschempp)
Contao 4.9.1 (2020-02-27)
Fixed issues in Contao 4.9.1:
- #1423 Revert the document.write() changes (leofeyer)
- #1420 Handle the "no JSON-LD found" case separately from the "noSearch" case (leofeyer)
- #1421 Update the composer run documentation in the README.md file (leofeyer)
- #1411 Skip orphan pages in the route provider (aschempp)
- #1419 Always append the current URL on redirect (aschempp)
- #1416 Correctly check if a folder has been renamed (leofeyer)
- #1417 Fix uploading files into mounted folders for regular users (leofeyer)
- #1418 Add a better DNS check in the site structure (leofeyer)
- #1413 Correctly calculate the crawler progress (leofeyer)
- #1396 Do not show the current URI in the progress bar title when crawling (toflar)
- #1385 Warn if the crawler runs without a domain name (toflar)
- #1369 Clear the dev cache in the script handler (toflar)
- #1370 Make sure the subdirectory in the tmp folder exists (toflar)
- #1377 Fix the getAttributesFromDca() type hint (leofeyer)
- #1376 Adjust the login screen again (leofeyer)
- #1375 Simulate active state of the debug button in debug mode (leofeyer)
- #1374 Show the correct help text for the 2FA verification field (leofeyer)
- #1373 Fix the Ajax visibility toggle in the site structure (leofeyer)
- #1372 Correctly save new template folders (leofeyer)
- #1359 Fix the PictureFactoryInterface::create() type hint (bytehead)
- #1364 Fix the login screen CSS (leofeyer)
- #1354 Hide the 2FA fields in the back end info modal (bytehead)
Contao 4.9.0 (2020-02-18)
Fixed issues in Contao 4.9.0:
- #1348 Correctly align the wizard icon (leofeyer)
- #1336 Make the contao.search.indexer service public (leofeyer)
- #1250 Use a custom schema for the search indexing metadata (toflar)
- #1335 Correctly highlight phrases in the search results (leofeyer)
- #1323 Adjust the SERP widget to the Google search results (leofeyer)
- #1299 Fix several trusted device issues (bytehead)
- #1327 Fix rendering the picker preview (leofeyer)
- #1324 Sort the back end menu items alphabetically by label (leofeyer)
- #1322 Clear trusted devices when disabling 2FA (bytehead)
- #1320 Replace "recovery codes" with "backup codes" (leofeyer)
- #1295 Handle removed search indexers (toflar)