TYPO3 News & Events Hub
What’s new & what’s comin’
Join Us and Contribute!
In the last blog post we described how our infrastructure and setup works and what we wanted to achieve with it. Now you can experience it yourself! We just opened our infrastructure to allow public contributions - for example to the blog extension - and here is how it works.
Read moreReport on the combined Server Admin and typo3.org Team Sprint in Würzburg (November 2016)
TYPO3-CORE-SA-2016-024: Path Traversal in TYPO3 Core
It has been discovered, that TYPO3 is susceptible to Path Traversal.
TYPO3-CORE-SA-2016-023: Insecure Unserialize in TYPO3 Backend
It has been discovered, that TYPO3 is susceptible to Insecure Unserialize.
TYPO3 CMS 6.2.29, 7.6.13 and 8.4.1 released
The TYPO3 Community announces the versions 6.2.29 LTS, 7.6.13 LTS and 8.4.1 of the TYPO3 Enterprise Content Management System.
Our Internal Workflow
In this post we want to give you a glimpse of how we are working internally, which tools we use and what the benefits of that workflow are to us.
TYPO3-EXT-SA-2016-033: Unvalidated Redirect in extension "TC Directmail" (tcdirectmail)
It has been discovered that the extension "TC Directmail" (tcdirectmail) is susceptible to Unvalidated Redirect.
TYPO3-EXT-SA-2016-032: SQL Injection in extension "Member Infosheets" (if_membersheet)
It has been discovered that the extension "Member Infosheets" (if_membersheet) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-031: Cross Site-Scripting in extension "Secure Download Form" (rs_securedownload)
It has been discovered that the extension "Secure Download Form" (rs_securedownload) is susceptible to Cross Site-Scripting.
TYPO3-EXT-SA-2016-030: SQL Injection in extension "Shibboleth Authentication" (shibboleth_auth)
It has been discovered that the extension "Shibboleth Authentication" (shibboleth_auth) is susceptible to SQL Injection.