5.6.4.0 is very likely the last release of legacy concrete5. It features:
- Fixes a vulnerability which permitted authenticated users to view the contents of arbitrary messages sent through the My Account section (Learn more at https://www.concrete5.org/about/blog/security/messaging-system-vulnerability)
- PHP7 compatibility
- User avatar updated to run without flash
- Email validation fixed to allow TLDs with more than 3 characters
- Multi-byte support in email validation
- Short tags removed