TYPO3 News & Events Hub
What’s new & what’s comin’
TYPO3 v6.2.55, 7.6.49, and 8.7.38 ELTS Released
Still sticking to an older version of TYPO3? Today, TYPO3 v6.2.55 ELTS, 7.6.49, and 8.7.38 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
Read moreTYPO3 10.4.10 and 9.5.23 security releases published
The versions 10.4.10 and 9.5.23 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
Repeating and refining public service announcement TYPO3-PSA-2019-010.
TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode
Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
It has been discovered that TYPO3 CMS is susceptible to XML external entity processing.
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting..
TYPO3-CORE-SA-2020-009: Cross-Site Scripting through Fluid view helper arguments
It has been discovered that the Fluid Engine is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2020-020: Denial of Service in extension "Authenticator" (defbu_authenticator)
It has been discovered that the extension "Authenticator" (defbu_authenticator) is susceptible to Denial of Service.
TYPO3-EXT-SA-2020-019: Sensitive Data Exposure in extension "View frontend statistics" (view_statistics)
It has been discovered that the extension "View frontend statistics" (view_statistics) is susceptible to Sensitive Data Exposure.