Version 3.5.6 (2015-11-27)
--------------------------
### Fixed
Correctly determin the protocol delimiter in `Idna::encodeUrl()`.
### Fixed
Handle relative URLs when following redirects in the Request class (see #7799).
### Fixed
Correctly handle empty UUIDs when comparing versions (see #7971).
### Fixed
Remove the "required" attribute when setting up TinyMCE (see #8131).
Version 3.5.5 (2015-11-25)
--------------------------
### Fixed
Fix the domain when forwarding in the page controllers (see #8123).
### Fixed
Use the feed URL instead of the base URL for enclosures (see #8116).
### Fixed
Fix the `<time>` tags and standardize the event templates (see #8012).
### Fixed
Handle empty `href` attributes in the book navigation (see #8104).
### Fixed
Do not store e-mail addresses in the newsletter (un)subscription log.
### Fixed
Correctly encrypt fields upon registration (see #8110).
### Fixed
Correctly render required single checkboxes in the back end (see #7731).
### Fixed
Correctly store multi select menus if no value is selected (see #7760).
### Fixed
Prevent recursion when rendering 403/404 pages (see #8060).
### Fixed
Map the `FileTree` widget to `FormFileUpload` in the front end (see #8091).
### Fixed
Preserve the user input when loading image meta data (see #8108).
### Fixed
Show the "toggle all" buttons in "edit multiple" mode (see #5622).
### Fixed
Disable the gallery pagination if the images are sorted randomly (see #8033).
### Fixed
Set the correct empty value when copying elements (see #8064).
### Fixed
Correctly hide forward pages with no public subpages (see #8054).
### Fixed
Correctly render the page picker if the value starts with `#` (see #8055).
### Fixed
Correctly render the "group" option in the radio button and checkbox widgets.
### Fixed
Correctly set the ID when toggling fields via Ajax (see #8043).
### Fixed
Support call, sms and app hyperlinks when converting relative URLs (see #8102).
### Fixed
Correctly check if a folder is protected when loading subfolders.
### Fixed
Correctly check the synchronization status when copying or moving files.
### Fixed
Adjust the code to be compatible with PHP7 (see #8018).
### Fixed
Correctly show the UUID in the back end file manager popup (see #8058).
Version 3.5.4 (2015-10-09)
--------------------------
### Fixed
Do not add the back end language in the meta wizard (see #8056).
### Fixed
Do not add excluded files to the DBAFS if they are edited in the file manager.
### Fixed
Add the `|flatten` insert tag flag to handle arrays (see #8021).
### Fixed
Check for excluded folders in the back end file popup (see #8003).
### Fixed
Fixed a wrong option name when initializing sortables (see #8053).
### Fixed
Translate UUIDs to paths in the parent view header fields.
### Fixed
Trigger the options_callback for the parent view header fields (see #8031).
### Fixed
Correctly create the initial version of a member without username (see #8037).
### Fixed
Improve the performance of the debug bar (see #7839).
### Fixed
Correctly output the event details in the `event_list` template (see #8041).
### Fixed
Only modify empty `href` attributes in the `nav_` template (see #8006, #8038).
### Fixed
Correctly show the group headlines in the repository DB updater (see #8020).
### Fixed
Improve the e-mail regex to also match the new TLDs (see #7984).
### Fixed
Ensure that the database port is not empty (see #7950).
### Fixed
Remove the left-over usages of `$this->v2warning` (see #8027).
### Fixed
Support the `hasDetails` variable in the event reader (see #8011).
Version 3.5.3 (2015-09-10)
--------------------------
### Fixed
Correctly handle dimensionless SVG images (see #7882).
### Fixed
Correctly fill in the image meta data in news, events and FAQs (see #7907).
### Fixed
Enable the `strictMath` option of the LESS parser (see #7985).
### Fixed
Consider the pagination menu when inserting at the top (see #7895).
### Fixed
Use en-dashes in event intervals (see #7978).
### Fixed
Store the correct edit URL in the back end personal data module (see #7987).
### Fixed
Adjust the breadcrumb trail when creating new folders (see #7980).
### Fixed
Use `$this->hasText` in news and event templates (see #7993).
### Fixed
Convert the HTML content to XHTML when generating Atom feeds (see #7996).
### Fixed
Correctly link the items in the files breadcrumb menu (see #7965).
### Fixed
Handle explicit collations matching the default collation (see #7979).
### Fixed
Fix the duplicate content check in the front end controller (see #7661).
### Fixed
Correctly parse dates in MooTools (see #7983).
### Fixed
Register the related models in the registry (see contao/core-bundle#333).
### Fixed
Correctly escape in the `findMultipleFilesByFolder()` method (see #7966).
### Fixed
Override the tabindex handling of the accordion to ensure that the togglers are
always focusable via keyboard (see #7963).
### Fixed
Correctly generate the news and event menu URLs (see #7953).
### Fixed
Check the script when storing the front end referer (see #7908).
### Fixed
Fix the back end pagination menu (see #7956).
### Fixed
Handle option callbacks in the back end help (see #7951).
### Fixed
Fixed the external links in the text field help wizard (see #7954) and the
keyboard shortcuts link on the back end start page (see #7935).
### Fixed
Fixed the CSS group field explanations (see #7949).
### Fixed
Use ./ instead of an empty href (see #7967).
### Fixed
Correctly detect Microsoft Edge (see #7970).
### Fixed
Respect the "order" parameter in the `findMultipleByIds()` method (see #7940).
### Fixed
Always trigger the "parseDate" hook (see #4260).
### Fixed
Allow to instantiate the `InsertTags` class (see #7946).
### Fixed
Do not parse the image `src` attribute to determine the state of an element,
because the image path might have been replaced with a `data:` string (e.g. by
the Apache module "mod_pagespeed").
* Add Serbian language files.
Version 3.5.2 (2015-07-24)
--------------------------
### Fixed
Revert some of the PhpStorm code inspector changes (see #7937).
Version 3.5.1 (2015-07-24)
--------------------------
### Fixed
Add a `StringUtil` class to restore PHP 7 compatibility (see contao/core-bundle#309).
### Fixed
Fix the `Validator::isEmail()` method (see contao/core-bundle#313).
### Fixed
Strip tags before auto-generating aliases (see #7857).
### Fixed
Correctly encode the URLs in the popup file manager (see #7929).
### Fixed
Check for the comments module when compiling the news meta fields (see #7901).
### Fixed
Also sort the newsletter channels alphabetically in the front end (see #7864).
### Fixed
Disable responsive images in the back end preview (see #7875).
### Fixed
Overwrite the request string when generating news/event feeds (see #7756).
### Fixed
Store the static URLs with the cached file (see #7914).
### Fixed
Correctly check the subfolders in the `hasAccess()` method (see #7920).
### Fixed
Updated the countries list (see #7918).
### Fixed
Respect the `notSortable` flag in the parent (see #7902).
### Fixed
Round the maximum upload size to an integer value (see #7880).
### Fixed
Make the markup minification less aggressive (see #7734).
### Fixed
Filter the indices in `Database::getFieldNames()` (see #7869).
### Fixed
Back-ported two fixes from the upstream versions.
Contao is an Open Source PHP Content Management System for people who want a
professional website that is easy to maintain. Visit the https://contao.org
for more information.
This is new Long Term Support release which replase existing Contao 3.2
and the last stable release from Contao 3.x series.
Please refer system/docs/CHANGELOG.md in detail.
Version 3.4.5 (2015-03-27)
--------------------------
### Fixed
Consider the `$blnCache` flag when caching insert tags (see #7700).
### Updated
Updated TinyMCE to version 4.1.9 (see #7690).
### Fixed
Correctly calculate the max upload size in the DropZone uploader (see #7633).
### Fixed
Convert language codes to locales in the meta wizard (see #7667).
### Fixed
Replace only the `{{file}}` insert tag in the back end preview (see #7647).
### Fixed
Correctly convert date strings depending on their rgxp format (see #7721).
### Fixed
Update news and calendar feeds from the content view (see #7679).
### Fixed
Do not generally encode stand-alone ampersands (see #7684).
### Fixed
Restore some globals when catching the unused argument exception (see #7659).
### Fixed
Correctly set the CSS classes in the jQuery accordion and do not try to mess
with its ARIA handling (see #7622).
### Fixed
Handle language fragments without trailing slash when redirecting (see #7666).
### Fixed
Trigger the `load_callback` upon saving in "override all" mode (see #7670).
### Fixed
Ensure a unique language file array in the `Automator` class (see #7687).
Version 3.2.20 (2015-03-26)
---------------------------
### Fixed
Correctly convert date strings depending on their rgxp format (see #7721).
### Fixed
Update news and calendar feeds from the content view (see #7679).
### Fixed
Do not generally encode stand-alone ampersands (see #7684).
### Fixed
Restore some globals when catching the unused argument exception (see #7659).
### Fixed
Correctly set the CSS classes in the jQuery accordion and do not try to mess
with its ARIA handling (see #7622).
### Fixed
Handle language fragments without trailing slash when redirecting (see #7666).
### Fixed
Trigger the `load_callback` upon saving in "override all" mode (see #7670).
### Fixed
Ensure a unique language file array in the `Automator` class (see #7687).
Version 3.4.4 (2015-02-12)
--------------------------
### Fixed
Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See
CVE-2015-0269 for more information.
Version 3.2.19 (2015-02-12)
---------------------------
### Fixed
Fixed a directory traversal vulnerability discovered by Arnaud Buchoux. See
CVE-2015-0269 for more information.
* pkgsrc change: change config directory's permission.
Version 3.4.3 (2015-01-30)
--------------------------
### Fixed
Consider the error reporting level in the install tool (see #7593).
### Fixed
Handle variables and functions when importing style sheets (see #7448).
* pkgsrc change: change config directory's permission.
Version 3.2.18 (2015-01-30)
---------------------------
### Fixed
Handle variables and functions when importing style sheets (see #7448).
### Fixed
Fix an infinite recursion problem in the `FilesModel` class (see #7588).
Version 3.4.2 (2015-01-22)
--------------------------
### Fixed
Fix an infinite recursion problem in the `FilesModel` class (see #7588).
Version 3.4.1 (2015-01-22)
--------------------------
### Fixed
Fix the position of the input field hints (see #7561).
### Fixed
Do not apply the GDlib maximum dimensions to SVG images (see #7435).
### Fixed
Do not show the diff icon if a record has been deleted (see #7429).
### Fixed
Remove a left-over headline from the `ce_text.xhtml` template (see #7502).
### Fixed
Preserve comments when exporting CSS files (see #7482).
### Fixed
Fix the LESS import path in the Combiner (see #7533).
### Fixed
Hide the width and height attributes if there is a sizes attribute (see #7500).
### Fixed
Remove the hardcoded figcaption width (see #7549).
### Fixed
Only load the model in the file/page picker if the class exists (see #7490).
### Fixed
Romanize style sheet names (see #7526).
### Fixed
Add the username to the "account has been locked" log entry (see #7551).
### Fixed
Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
### Fixed
Added two missing `exclude` flags in the `tl_page` data container (see #7522).
### Fixed
Send an UTF-8 charset header in the `die_nicely()` function (see #7519).
### Fixed
Correctly validate dates in the `Widget` class (see #7498).
### Fixed
Back port the fixes from #7475 and #7473.
### Fixed
Send the same cache headers for cached and uncached pages (see #7455).
### Fixed
Fix the `current() expects parameter 1 to be array` issue (see #6739).
### Fixed
Correctly replace the `*_teaser` insert tags (see #7488).
### Fixed
Adjust the last and previous login labels (see #7426).
### Fixed
Unset the `postUnsafeRaw` cache in `Input::setPost()` (see #7481).
Version 3.2.17 (2015-01-22)
---------------------------
### Fixed
Romanize style sheet names (see #7526).
### Fixed
Add the username to the "account has been locked" log entry (see #7551).
### Fixed
Consider the suhosin.memory_limit when raising the PHP limits (see #7035).
### Fixed
Added two missing `exclude` flags in the `tl_page` data container (see #7522).
### Fixed
Send an UTF-8 charset header in the `die_nicely()` function (see #7519).
### Fixed
Correctly validate dates in the `Widget` class (see #7498).
### Fixed
Back port the fixes from #7475 and #7473.
### Fixed
Send the same cache headers for cached and uncached pages (see #7455).
### Fixed
Fix the `current() expects parameter 1 to be array` issue (see #6739).
### Fixed
Correctly replace the `*_teaser` insert tags (see #7488).
### Fixed
Adjust the last and previous login labels (see #7426).
### Fixed
Unset the `postUnsafeRaw` cache in `Input::setPost()` (see #7481).
Version 3.3.7 (2014-11-24)
--------------------------
### Fixed
Fixed a potential directory traversal vulnerability.
### Fixed
Fixed a severe XSS vulnerability. In this context, the insert tag flags
`base64_encode` and `base64_decode` have been removed.
### Fixed
Handle nested insert tags in strip_insert_tags().
### Fixed
Correctly store the model in Dbafs::addResource() (see #7440).
### Fixed
Send the request token when toggling the visibility of an element (see #7406).
### Fixed
Always apply the IE security fix in the Environment class (see #7453).
### Fixed
Correctly handle archives being part of multiple RSS feeds (see #7398).
### Fixed
Correctly handle `0` in utf8_convert_encoding() (see #7403).
### Fixed
Send a 301 redirect to forward to the language root page (see #7420).
Version 3.2.16 (2014-11-24)
---------------------------
### Fixed
Fixed a potential directory traversal vulnerability.
### Fixed
Fixed a severe XSS vulnerability. In this context, the insert tag flags
`base64_encode` and `base64_decode` have been removed.
### Fixed
Handle nested insert tags in strip_insert_tags().
### Fixed
Correctly store the model in Dbafs::addResource() (see #7440).
### Fixed
Send the request token when toggling the visibility of an element (see #7406).
### Fixed
Always apply the IE security fix in the Environment class (see #7453).
### Fixed
Correctly handle archives being part of multiple RSS feeds (see #7398).
### Fixed
Correctly handle `0` in utf8_convert_encoding() (see #7403).
### Fixed
Send a 301 redirect to forward to the language root page (see #7420).
Version 3.3.6 (2014-10-31)
--------------------------
### Fixed
Always pass a DC object in the `toggleVisibility` callback (see #7314).
### Fixed
Correctly render the "read more" and article navigation links (see #7300).
### Fixed
Fix the markup of the form submit button (see #7396).
### Fixed
Do not generally remove insert tags from page titles (see #7198).
### Fixed
Consider the `useSSL` flag of the root page when generating URLs (see #7390).
### Fixed
Correctly create the template object in `BaseTemplate::insert()` (see #7366).
### Updated
Updated TinyMCE to version 4.1.6 and added the "lists" plugin (see #7349).
### Fixed
Fixed the FAQ sorting in the back end (see #7362).
### Fixed
Added the `Widget::__isset()` method (see #7290).
### Fixed
Correctly handle dynamic parent tables in the `DC_Table` driver (see #7335).
### Fixed
Correctly shortend HTML strings in `String::substrHtml()` (see #7311).
### Updated
Updated MooTools to version 1.5.1 (see #7267).
### Fixed
Updated swipe.js to version 2.0.1 (see #7307).
### Fixed
Use an `.invisible` class which plays nicely with screen readers (see #7372).
### Fixed
Handle disabled modules in the module loader (see #7380).
### Fixed
Fixed the "link_target" insert tag.
### Fixed
Correctly mark CAPTCHA fields as mandatory (see #7283).
### Updated
Updated the ACE editor to version 1.1.6 (see #7278).
### Fixed
Fix the `Database::list_fields()` method (see #7277).
### Fixed
Correctly assign "col_first" and "col_last" in the image gallery (see #7250).
### Fixed
Set the correct path to TCPDF in `system/config/tcpdf.php` (see #7264).
Version 3.2.15 (2014-10-31)
---------------------------
### Fixed
Always pass a DC object in the `toggleVisibility` callback (see #7314).
### Fixed
Correctly render the "read more" and article navigation links (see #7300).
### Fixed
Consider the `useSSL` flag of the root page when generating URLs (see #7390).
### Fixed
Fixed the FAQ sorting in the back end (see #7362).
### Fixed
Added the `Widget::__isset()` method (see #7290).
### Fixed
Correctly handle dynamic parent tables in the `DC_Table` driver (see #7335).
### Fixed
Correctly shortend HTML strings in `String::substrHtml()` (see #7311).
### Updated
Updated MooTools to version 1.5.1 (see #7267).
### Fixed
Updated swipe.js to version 2.0.1 (see #7307).
### Fixed
Use an `.invisible` class which plays nicely with screen readers (see #7372).
### Fixed
Handle disabled modules in the module loader (see #7380).
### Fixed
Fixed the "link_target" insert tag.
### Updated
Updated the ACE editor to version 1.1.6 (see #7278).
### Fixed
Fix the `Database::list_fields()` method (see #7277).
### Fixed
Correctly assign "col_first" and "col_last" in the image gallery (see #7250).
Version 3.3.5 (2014-08-27)
--------------------------
### Fixed
Do not output an empty `label` tag (see #7249).
### Fixed
Allow floating point numbers in "number" input fields (see #7257).
### Fixed
Do not adjust the start time of past events (see #7121).
### Fixed
Reset the image margins if it exceeds the maximum image size (see #7245).
### Fixed
Reset `$blnPreventSaving` when a model is cloned (see #7243).
### Fixed
Do not reload after storing `CURRENT_ID` in the session (see #7240).
### Fixed
Correctly validate the page number of the versions menu (see #7235).
### Fixed
Handle underscores in the Google+ vanity name (see #7241).
### Fixed
Correctly handle the `rem` unit when importing style sheets (see #7220).
### Fixed
Fix two issues with the extension repository theme.
Version 3.2.14 (2014-08-27)
---------------------------
### Fixed
Allow floating point numbers in "number" input fields (see #7257).
### Fixed
Do not adjust the start time of past events (see #7121).
### Fixed
Reset the image margins if it exceeds the maximum image size (see #7245).
### Fixed
Reset `$blnPreventSaving` when a model is cloned (see #7243).
### Fixed
Do not reload after storing `CURRENT_ID` in the session (see #7240).
### Fixed
Correctly validate the page number of the versions menu (see #7235).
### Fixed
Handle underscores in the Google+ vanity name (see #7241).
### Fixed
Correctly handle the `rem` unit when importing style sheets (see #7220).
### Fixed
Fix two issues with the extension repository theme.
Version 3.3.4 (2014-07-29)
--------------------------
### Fixed
Restore permission to delete root pages for admin users (see #7135).
### Fixed
Pass the file IDs instead of their UUIDs to the file picker (see #7139).
### Fixed
Correctly handle double quotes in comments (see #7102).
### Fixed
Ignore hidden files when building the internal cache (see #7098).
### Fixed
Correctly pass the insert ID of the undo record (see #6234).
### Fixed
Update the vendor libraries (fixes various issues).
Version 3.2.13 (2014-07-29)
---------------------------
### Fixed
Use `DOMDocument::loadXML()` instead of `DOMDocument::load()` (see 7192).
### Fixed
Specify the font size in `rem` for modern browsers (see #7209).
### Fixed
Make sure the default language file is loaded in the DCA extractor (see #7202).
### Fixed
Do not add unpublished FAQs to the XML sitemap (see #7210).
### Fixed
Preserve new lines when replacing simple tokens (see #7178).
### Fixed
Always prevent saving if `PageModel::loadDetails()` is executed (see #7199).
### Fixed
Use `===` to compare password hashes (see #7175).
### Fixed
Correctly mark GET parameters as used (see #7185).
### Fixed
Correctly apply the "disabled" attribute to input unit fields (see #7147).
### Fixed
Correctly check the permission to edit multiple files (see #7157).
### Fixed
Correctly handle other MySQL character sets (see #7140).
### Fixed
Correctly recognize Opera Mobile in the `Environment` class (see #5869).
### Fixed
Fix the grid offset for articles (see #7166).
### Fixed
Restore the basic entities in the source editor (see #7170).
### Fixed
Correctly build the breadcrumb trail in the style sheets module (see #7132).
### Fixed
Do not associate the "use SSL" option with sitemaps only (see #7163).
### Fixed
URL encode the pipe character in the Google web font URL (see #7120).
### Fixed
Handle double quotes in the title attribute of the `<link>` element (see #7124).
### Fixed
Use the `save_callback` when generating multiple aliases (see #7114).
### Update
Update SwiftMailer to version 5.2.1 (see #7110).
### Fixed
Correctly handle double quotes in comments (see #7102).
### Fixed
Ignore hidden files when building the internal cache (see #7098).
### Fixed
Correctly pass the insert ID of the undo record (see #6234).
* Finnish translation is added and Latvian translation is removed.
* Example website (Music Academy) is removed from core distribution.
It is still available on Contao Extension Repository.
Version 3.2.12 (2014-06-18)
---------------------------
### Fixed
Replace insert tags in external redirect targets (see #6765).
### Fixed
Also apply the font settings to the ACE element (see #7103).
### Fixed
Show the placeholder image in the "edit file" dialog if the original image
exceeds the maximum dimensions supported by the GD library (see #7032).
### Fixed
Preserve whitespace before `<textarea>` tags when minifying code (see #7087).
### Fixed
Restore the PHP 5.3 compatibility of the listing module (see #7078).
### Fixed
Do not offer to drop tables or fields if the safe mode is active (see #7085).
### Fixed
Correctly detect binary fields during theme export (see #7079).
Version 3.3.3 (2014-06-18)
--------------------------
### Fixed
Convert insert tags before assigning the page title to the template (see #7097).
### Fixed
Correctly render images in TinyMCE in the newsletter module (see #7089).
Version 3.3.2 (2014-06-04)
--------------------------
### Fixed
Add the media query to the style sheets in debug mode (see #7070).
### Fixed
Disable the debug mode in the extension creator (see #7068).
### Fixed
Convert image source insert tags in the back end preview (see #7065).
### Fixed
Render all root nodes in the page and file picker (see #6844).
### Fixed
Add the "scssphp-compass" library to support Compass functions.
### Fixed
Support adding multiple TinyMCE instances to the same page (see #7061).
Version 3.2.11 (2014-06-04)
---------------------------
### Fixed
Make `$this->locationLabel` available in the event list (see #7030).
### Fixed
Correctly set the root page title (see #7023).
### Fixed
Only show the sort hint if there is more than one element (see #6935).
### Fixed
Try to raise the PHP limits upon file synchronization (see #7035).
Though there is no description in CHANGELOG.md, data for an example web site
(Music Academy) was removed from the distribution.
Version 3.3.1 (2014-05-30)
--------------------------
### Fixed
Grant access to static files inside the `vendor` folder.
### Fixed
Do not make the `FormRadioButton` options an array (see #7060).
### Fixed
Support adding ACE and TinyMCE in subpalettes (see #7056).
### Fixed
Only use the DropZone uploader where Ajax uploads can be processed (see #7046).
### Fixed
Make the viewport field 255 characters long (see #7050).
### Fixed
Restore the "submit_container" class in the `FormSubmit` widget (see #7055).
### Fixed
Correctly generate the CSS classes of the `FormSelectMenu` widget (see #7045).
### Fixed
Use a more precise UUID detection in the `FilesModel` class (see #7054).
### Fixed
Use `pack()` instead of `hex2bin()` to be compatible with PHP 5.3 (see #7010).