About Contao 4.11
The first stable version of Contao 4.11 has been released on 17 February 2021 and was the successor of Contao 4.10. 4.11 has been prvoided with updates until 14 August 2021, after which it was replaced by Contao 4.12.
Changelog Contao 4.11
Contents
Contao 4.11.9 (2021-08-24)
Changelog of the fixed issues in Contao 4.11.9:
- #3340 Fix another undefined array key warning (bytehead)
- #3308 Fix undefined array keys (BugBuster1701)
Contao 4.11.8 (2021-08-12)
Contao 4.11.7 (2021-08-11)
Security vulnerabilities closed:
- Prevent privilege escalation with the form generator (CVE-2021-37627)
- Prevent PHP file inclusion via insert tags (CVE-2021-37626)
- Prevent XSS via HTML attributes in the back end (CVE-2021-35955)
Contao 4.11.6 (2021-08-04)
Changelog of the fixed issues in Contao 4.11.6:
- #3253 Fix more invalid array access and missing null checks (m-vo)
- #3208 Always concatenate the 'image_container' class in figure.html.twig (m-vo)
- #3130 Add more null checks for DCA lang references (m-vo)
- #3123 Fix another invalid array access in ModuleProxy (m-vo)
- #3090 Allow empty content element translation key (leofeyer)
- #3098 Automatically inject container for tagged controllers (aschempp)
- #3087 Remove two superfluous labels (leofeyer)
- #3079 Fix another invalid array access (m-vo)
- #2931 Fix filtering for recurring events (fritzmg)
Contao 4.11.5 (2021-06-23)
Security vulnerability closed:
- Cross site scripting in the system log (CVE-2021-35210)
Contao 4.11.4 (2021-06-09)
Contao 4.11.3 (2021-05-13)
Changelog of the fixed issues in Contao 4.11.3:
- #2991 Enable "useSSL" by default unless the backend request is insecure (ausi)
- #2969 Fix more PHP 8 undefined array index errors (ausi)
- #2982 Add width/height attributes to the picture source (ausi)
- #2966 Update the functional tests section in README.md (ArndtZiegler)
- #2927 Use CSS to add the main headline separators (leofeyer)
- #2919 Prevent an 'Undefined array key "id"' warning in the clipboard (leofeyer)
- #2923 Fix more PHP 8 undefined array index errors (ausi)
- #2922 Fix another PHP 8 undefined array index error (ausi)
Contao 4.11.2 (2021-03-25)
Changelog of the fixed issues in Contao 4.11.2:
- #2915 Fix the version 4.8.0 update (leofeyer)
- #2911 Fix more PHP 8 warnings (leofeyer)
- #2908 Add a command to debug the page controllers (aschempp)
- #2907 Manually override content composition for known legacy types (aschempp)
- #2902 Fix the list/explodes when the second variable can be null (leofeyer)
- #2858 Quote the "group" field in the UserCreateCommand statement (richardhj)
- #2706 Add support for namespaced DC drivers (Toflar)
- #2845 Always show all errors in the contao-setup binary (m-vo)
- #2843 Fix another illegal array access in System::getReferer() (m-vo)
- #2856 Fix the search query if there are no keywords (ausi)
Contao 4.11.1 (2021-03-04)
Changelog of the fixed issues in Contao 4.11.1:
- #2785 Handle null arguments in the ContentCompositionListener (fritzmg)
- #2835 Fix an illegal object access in the Versions class (leofeyer)
- #2833 Use dependency injection for the InitializeController (aschempp)
- #2834 Allow passing an array of IDs to User::isMemberOf() (leofeyer)
- #2805 Fix an illegal array access in DC_Table when expanding the tree (m-vo)
- #2818 Fix the logout handler in Symfony 5 (fritzmg)
- #2794 Handle another illegal array access in the tl_page DCA (m-vo)
- #2788 Fix accessing Model\Collection instead of Model in ModuleFaqPage (m-vo)
- #2784 Correctly sort the pages if the URL suffix is empty (aschempp)
- #2806 Fix accessing an undefined variable (m-vo)
- #2796 Suggest using the contao-setup binary with @php prefix (m-vo)
- #2783 Correctly merge image size _defaults (m-vo)
- #2782 Fix the type casting for the FigureBuilder::enableLightbox() method (richardhj)
- #2774 Do not use Kernel::$rootDir anymore (fritzmg)
Contao 4.11.0 (2021-02-17)
Changelog of the fixed issues in Contao 4.11.0:
- #2763 Fix an illegal array access in BackendUser::navigation() (m-vo)
- #2764 Fix an illegal array access in DC_Table::reviseTables() (m-vo)
- #2766 Automatically prefix the back end data attributes (leofeyer)
- #2752 Symlink highlight.php as highlight_php (leofeyer)
- #2743 Change the default URL suffix (leofeyer)
- #2732 Handle non-existing resources in the FigureRenderer (m-vo)
- #2731 Do not replace template data recursively when applying legacy template data (m-vo)
- #2704 Fix the rgxp=>httpurl implementation (leofeyer)