Is Contao 3.5.40 patched?

Contao · cycle 3.5 · end of life · Official site ↗

3.5.4040/100End of life

Current stable (5.7.7): 100/100

Health score40/100

Open issues4

Exploited now0

Cycle 3.5 EOL2019-05-31

Latest release5.7.7

Summary iPlain-English security status for Contao 3.5.40, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Contao 3.5.40 is part of the 3.5 release line. 4 known vulnerabilities affect it. The 3.5 line reached end-of-life on 2019-05-31, so it no longer receives security patches. The latest supported Contao release is 5.7.7.

Known issues affecting 3.5.40

Exploited first, then by exploitation probability.

CVE-2023-29200 MEDIUM EPSS 1% → fixed in 5.1.4 CVE-2024-28234 MEDIUM EPSS 1% → fixed in 5.3.4 CVE-2024-30262 MEDIUM EPSS 0% → fixed in 4.13.40 CVE-2024-45604 MEDIUM EPSS 0% → fixed in 4.13.49

Other Contao versions

Check another release line of Contao.

Contao 5.7.7 Contao 5.6.11 Contao 5.5.16 Contao 5.4.14 Contao 5.3.46 Contao 5.2.10 Contao 5.1.11 Contao 5.0.10 Contao 4.13.58 Contao 4.12.7 Contao 4.11.9 Contao 4.10.7 Contao 4.9.42 Contao 4.4.57

Frequently asked

Is Contao 3.5.40 patched?

Contao 3.5.40 is end-of-life and no longer receives security patches. Move to 5.7.7.

When does Contao 3.5 reach end-of-life?

Contao 3.5 reached end-of-life on 2019-05-31 and no longer receives security patches.

What is the latest version of Contao?

The latest supported Contao release is 5.7.7.

Is Contao 3.5.40 still receiving security updates?

No — Contao 3.5.40 is on the 3.5 line, which reached end-of-life on 2019-05-31 and no longer receives security updates. Upgrade to 5.7.7 or later to stay supported.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Contao's official advisory before you patch or upgrade — Contao official site ↗