We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs.
Update to Contao 4.13.40 or 5.3.4.
Disable crawling protected pages.
https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
If you have any questions or comments about this advisory, open an issue in contao/contao.
Impact
If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs.
Patches
Update to Contao 4.13.40 or 5.3.4.
Workarounds
Disable crawling protected pages.
References
https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.