TYPO3 News & Events Hub
What’s New & What’s Coming
TYPO3 3.8.1 released
TYPO3 version 3.8.1 is ready for download. This is a maintenance release of the 3.8 branch and fixes a few security-related issues. For further information about the changes in 3.8.1, please also check out the article below.
Security Bulletins: Important Security Enhancements in TYPO3 3.8.1
Multiple TYPO3 Security Bulletins have been issued, all of which are addressed by the release of TYPO3 3.8.1.
TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information.
TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/) to a numeric value ("1") could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided...
TYPO3 Security Bulletin
For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the generated value are actually random. The overall key is therefore unique and, as of today, considered...
TYPO3 Security Bulletin
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks.
TYPO3 Security Bulletin
Various security issues have been reported for phpMyAdmin (see www.securityfocus.com/bid/15196 for details).
TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php.
TYPO3 Security Bulletin
The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set, this will create a backup copy and append a "~" to the original file name. This leads to file names...
New Logo and Guidelines now Online
Get prepared for the new CI to be launched on the 29th of January 2006.
Security Bulletins: chc_forum, th_mailformplus
Two security bulletins regarding the third-party extensions "CHC Forum" and "th_mailformplus" have been issued today. Fixed versions are available.
th_mailformplus
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.
chc_forum
A bug has been discovered in the "CHC Forum" (chc_forum) extension where some JavaScript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code.
Scalable Inman Flash Replacement
TYPO3 implementation of Scalable Inman Flash Replacement, a method to insert rich typography into web pages without sacrificing accessibility, search engine friendliness, or markup semantics. In an email interview I recently had with Maximo...
Acronym Manager
Making a Web site accessible can be simple or complex, depending on many factors such as the type of content, the size and complexity of the site, and the development tools and environment. One common problem is to mark abbreviations, acronyms an...
CSS styled IMGTEXT - Part3
I just released version 0.4.0 of CSS Styled Image Text. For those who don't know yet, this is a working CSS-based implementation of the "Text with Image" and "Image" content types (from tt_content).
Security Bulletin TYPO3-20051010-1: fe_news
A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented. fe_rtenews is affected as well.
TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version (fe_rtenews) is derived from fe_news, it is...
Zap The Gremlins - let's zap'em!
After many hours of preparation, the "Zap the Gremlins" project team is now calling for the most nagging "Gremlins" (meaning annoying issues and bugs). This is your chance to make TYPO3 even better than it already is. You are kindly invited to submit...
Accessibility feature in htmlArea RTE 0.7.2
The new version of the htmlArea RTE, 0.7.2, brings along a new accessibility-related feature that makes it easier to differentiate between internal, external, download and mail links and those links opening in the same browser-window, a new browser...