TYPO3 News & Events Hub
What’s new & what’s comin’
Open Discussion on the TYPO3 Association Budget Ideas for 2022
As you may already know, the Business Control Committee (BCC) launched a process to generate ideas for the 2022 budget. We have received many great ideas that we’d like you to help us select from.
Read moreCode the TYPO3 Core in 2022
Every year we are re-evaluating the Core development workflow, and open up for new people to join the efforts of driving TYPO3 Core's development further. Maybe 2022 could be your year to join?
Now in Effect: the New Code of Conduct
The community vote concluded with 71 votes for and 4 votes against. The proposal has been approved and the new Code of Conduct for the TYPO3 community is in effect.
TYPO3 11.5.8 and 10.4.26 maintenance releases published
The versions 11.5.8 and 10.4.26 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3 11.5.7 and 10.4.25 maintenance releases published
The versions 11.5.7 and 10.4.25 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
We Need You for the Board and the Business Control Committee!
Are you a passionate member of the TYPO3 community? Do you have a vision for the future of TYPO3? Whether you are a developer or non-code contributor, TYPO3 needs dedicated people to help guide and serve the community.
TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)
It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)
It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.