Article - TYPO3 News

Product Updates & Roadmap

TYPO3 14.3.2 and 13.4.30 maintenance releases published

Oliver Hader

26 May 2026

The versions 14.3.2 and 13.4.30 of the TYPO3 Enterprise Content Management System have just been released.

Bringing Fluid to VSCode

Simon Praetorius

25 May 2026

A first-party VSCode extension now provides deep integration for Fluid templates in the IDE, improving the developer experience for TYPO3 workflows.

The Project

Team Budget Report: Update the Educational Sitepackage Extension and Tutorial

Karsten Nowak

22 May 2026

This is a report about the implementation of the documentation team budget idea: Update the Sitepackage Extension and Tutorial for TYPO3 v14.

The Project

TYPO3 Education Committee Sprint, April 2026

Marc Willmann

20 May 2026

The TYPO3 Education Committee gathered in Lübeck, Germany, for a three-day working sprint to update its certification program for TYPO3 v14. Here's a look at what the team accomplished — and what's coming in August.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)

Torben Hansen

19 May 2026

It has been discovered that the extension "Content Element Selector" (ceselector) is vulnerable to Remote Code Execution.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)

Torben Hansen

19 May 2026

It has been discovered that the extension "Address List" (tt_address) is vulnerable to SQL Injection.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2026-011: Multiple vulnerabilities in extension "Faceted Search" (ke_search)

Torben Hansen

19 May 2026

It has been discovered that the extension "Faceted Search" (ke_search) is vulnerable to XML External Entity injection, Path Traversal and Information Disclosure.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2026-010: SQL Injection in extension "News system" (news)

Torben Hansen

19 May 2026

It has been discovered that the extension "News system" (news) is vulnerable to SQL Injection.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)

Torben Hansen

19 May 2026

It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Broken Access Control.

Developer & Technology
TYPO3 Extensions

TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)

Torben Hansen

19 May 2026

It has been discovered that the extension "Site Crawler" (crawler) is vulnerable to Remote Code Execution.

TYPO3 News & Events Hub

What’s new & what’s comin’

TYPO3 14.3.2 and 13.4.30 maintenance releases published

Bringing Fluid to VSCode

Team Budget Report: Update the Educational Sitepackage Extension and Tutorial

TYPO3 Education Committee Sprint, April 2026

TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)

TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)

TYPO3-EXT-SA-2026-011: Multiple vulnerabilities in extension "Faceted Search" (ke_search)

TYPO3-EXT-SA-2026-010: SQL Injection in extension "News system" (news)

TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)

TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)