TYPO3 News & Events Hub
What’s New & What’s Coming
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions.
Read moreMultiple security issues in third party TYPO3 extensions
A total of 15 third party extensions has been found insecure. Please follow the links in this news item, in order to see which extensions have has been found insecure.
TypoScript in 45 Minutes
"Impossible!" is a common reaction on reading this headline. But the impossible is our goal. The DocTeam is currently working on a manual that shall allow everyone to understand TypoScript in only 45 minutes.
Announcing TYPO3 Bug Day
1st TYPO3 BugDay on June 27th, 2008
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions.
Security Bulletin TYPO3-20080619-1: Several vulnerabilities have been found in TYPO3 third party extensions
Several vulnerabilities have been found in TYPO3 third party extensions.
Podcast: Hitchhiker's Guide to FLOW3
A session from the TYPO3 Developer Days 2008 about the current state of FLOW3 and TYPO3 v5 can be watched in the latest episode of the T3CAST. It outlines new features and concepts which have been developed since the T3CON07. Besides a Hello World...
T3N Magazine releases four current TYPO3-Articles in English (June 2008)
For the 11th time the T3N Magazine for Open Source and Web updated their article database. Four stories from the last issue (No. 11) have recently been translated for your free reading pleasure
Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
TYPO3 v5 project report: May 2008
Our main topics for the TYPO3 v5 project last month were - apart from the usual development work - conferences, continuous integration and project management. Here are the topics in detail:
TYPO3 v4 Core SVN Migration
The TYPO3 v4 SVN repository has been moved to svn.typo3.org, TYPO3's own SVN server infrastructure.
Forelle ist geil!
The weekend of the 24th/25th of may the first gathering of HCI (Human Computer Interface Team) took place @ Netcreators HQ in Arnhem.
Getting started with the Forge
Shortly before the TYPO3 Developer Days, the team around Martin Herr and Sebastian Kurfürst have expanded the forge.typo3.org into the central development platform for the TYPO3 community. It serves as the hub for development of TYPO3 v4, v5 and the...
SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)
It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.
Security Bulletin TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)
It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.
Security Bulletin TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)
It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.
Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)
It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.
Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Command Execution.
Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)
It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.