[0] Fix | Delete

Version 3.5.40 (2019-04-10)

[1] Fix | Delete

---------------------------

[2] Fix | Delete

[3] Fix | Delete

### Fixed

[4] Fix | Delete

Fix the save callback in the back end password module (see #429).

[5] Fix | Delete

[6] Fix | Delete

[7] Fix | Delete

Version 3.5.39 (2019-04-09)

[8] Fix | Delete

Fixed

[9] Fix | Delete

[10] Fix | Delete

Invalidate the user sessions if a password changes (see CVE-2019-10641).

[11] Fix | Delete

[12] Fix | Delete

Version 3.5.38 (2018-12-21)

[13] Fix | Delete

Fixed

[14] Fix | Delete

[15] Fix | Delete

Correctly check the permission to move child records as non-admin user.

[16] Fix | Delete

Version 3.5.37 (2018-12-13)

[17] Fix | Delete

Fixed

[18] Fix | Delete

[19] Fix | Delete

Prevent information disclosure in the back end (see CVE-2018-20028).

[20] Fix | Delete

Version 3.5.36 (2018-09-18)

[21] Fix | Delete

[22] Fix | Delete

Fixed

[23] Fix | Delete

Prevent arbitrary code execution through .phar files (see CVE-2018-17057).

[24] Fix | Delete

[25] Fix | Delete

Fixed

[26] Fix | Delete

Correctly reset the autologin data upon logout (#8868).

[27] Fix | Delete

[28] Fix | Delete

Fixed

[29] Fix | Delete

Remove support for deprecated user password hashes (see #8889).

[30] Fix | Delete

[31] Fix | Delete

Version 3.5.35 (2018-04-18)

[32] Fix | Delete

Fixed

[33] Fix | Delete

[34] Fix | Delete

Fix an XSS vulnerability in the system log (see CVE-2018-10125).

[35] Fix | Delete

[36] Fix | Delete