<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <title>Official TYPO3 news</title>
        <description>Posts by tag: Development</description>
        <language>en</language>
        <link>https://news.typo3.com/article/tag/development/blog.tag.xml</link>
        <lastBuildDate>Sat, 18 Jul 2026 14:43:24 +0200</lastBuildDate>
        
    
    
        
<item><title>TYPO3 Joins the PHP Foundation as a Silver Sponsor</title><link>https://news.typo3.com/article/typo3-joins-the-php-foundation-as-a-silver-sponsor</link><comments>https://news.typo3.com/article/typo3-joins-the-php-foundation-as-a-silver-sponsor#comments</comments><pubDate>Tue, 30 Jun 2026 08:00:00 +0200</pubDate><dc:creator>Luana Valentini</dc:creator><guid>https://news.typo3.com/article/typo3-joins-the-php-foundation-as-a-silver-sponsor</guid><description>In June 2026, TYPO3 joined the PHP Foundation as a Silver Sponsor, supporting the long-term development of the language its CMS and ecosystem have relied on for more than two decades.</description><enclosure
            length="117608"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/4/4/csm_TYPO3xPHP_listing_1400x933_LAY03__f6f8ee2c2d.webp" /></item>


    
        
<item><title>TYPO3-EXT-SA-2026-013: Remote Code Execution in extension &quot;Content Element Selector&quot; (ceselector)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-013</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-013#comments</comments><pubDate>Tue, 19 May 2026 11:06:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-013</guid><description>It has been discovered that the extension &quot;Content Element Selector&quot; (ceselector) is vulnerable to Remote Code Execution.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-012: SQL Injection in extension &quot;Address List&quot; (tt_address)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-012</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-012#comments</comments><pubDate>Tue, 19 May 2026 11:05:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-012</guid><description>It has been discovered that the extension &quot;Address List&quot; (tt_address) is vulnerable to SQL Injection.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-011: Multiple vulnerabilities in extension &quot;Faceted Search&quot; (ke_search)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-011</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-011#comments</comments><pubDate>Tue, 19 May 2026 11:03:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-011</guid><description>It has been discovered that the extension &quot;Faceted Search&quot; (ke_search) is vulnerable to XML External Entity injection, Path Traversal and Information Disclosure.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-010: SQL Injection in extension &quot;News system&quot; (news)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-010</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-010#comments</comments><pubDate>Tue, 19 May 2026 11:02:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-010</guid><description>It has been discovered that the extension &quot;News system&quot; (news) is vulnerable to SQL Injection.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-009: Broken Access Control in extension &quot;Frontend User Registration&quot; (sf_register)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-009</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-009#comments</comments><pubDate>Tue, 19 May 2026 11:01:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-009</guid><description>It has been discovered that the extension &quot;Frontend User Registration&quot; (sf_register) is vulnerable to Broken Access Control.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-008: Remote Code Execution in extension &quot;Site Crawler&quot; (crawler)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-008</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-008#comments</comments><pubDate>Tue, 19 May 2026 11:00:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-008</guid><description>It has been discovered that the extension &quot;Site Crawler&quot; (crawler) is vulnerable to Remote Code Execution.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-005: Cleartext storage of Backend User Passwords</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-005</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-005#comments</comments><pubDate>Tue, 21 Apr 2026 11:05:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-005</guid><description>It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-007: Authentication Bypass in extension &quot;E-Mail MFA Provider&quot; (mfa_email)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-007</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-007#comments</comments><pubDate>Tue, 17 Mar 2026 10:02:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-007</guid><description>It has been discovered that the extension &quot;E-Mail MFA Provider&quot; (mfa_email) is vulnerable to Authentication Bypass.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-006: Broken Access Control in extension &quot;Redirect Tab&quot; (redirect_tab)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-006</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-006#comments</comments><pubDate>Tue, 17 Mar 2026 10:01:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-006</guid><description>It has been discovered that the extension &quot;Redirect Tab&quot; (redirect_tab) is vulnerable to Broken Access Control.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-005: Insecure Deserialization in extension &quot;Mailqueue&quot; (mailqueue)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-005</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-005#comments</comments><pubDate>Tue, 17 Mar 2026 10:00:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-005</guid><description>It has been discovered that the extension &quot;Mailqueue&quot; (mailqueue) is vulnerable to insecure deserialization.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-004: Vulnerability in bundled package in extension &quot;Amazon AWS SDK&quot; (aws)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-004</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-004#comments</comments><pubDate>Tue, 20 Jan 2026 08:33:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-004</guid><description>It has been discovered that the extension &quot;Amazon AWS SDK&quot; (aws) bundles a vulnerable version of “aws/aws-sdk-php“ which is susceptible to use of a Broken or Risky Cryptographic Algorithm.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-003: Vulnerability in bundled package in extension &quot;Amazon Web Services (AWS) Toolbox&quot; (aws_tools)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-003</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-003#comments</comments><pubDate>Tue, 20 Jan 2026 08:32:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-003</guid><description>It has been discovered that the extension &quot;Amazon Web Services (AWS) Toolbox&quot; (aws_tools) bundles a vulnerable version of “aws/aws-sdk-php“ which is susceptible to use of a Broken or Risky Cryptographic Algorithm.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-002: Vulnerability in bundled package in extension &quot;AWS SDK for PHP&quot; (aws_sdk_php)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-002</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-002#comments</comments><pubDate>Tue, 20 Jan 2026 08:31:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-002</guid><description>It has been discovered that the extension &quot;AWS SDK for PHP&quot; (aws_sdk_php) bundles a vulnerable version of “aws/aws-sdk-php“ which is susceptible to use of a Broken or Risky Cryptographic Algorithm.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2026-001: Insecure Deserialization in extension &quot;Mailqueue&quot; (mailqueue)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-001</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-001#comments</comments><pubDate>Tue, 20 Jan 2026 08:30:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2026-001</guid><description>It has been discovered that the extension &quot;Mailqueue&quot; (mailqueue) is vulnerable to insecure deserialization.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-004: Insecure Deserialization via Mailer File Spool</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-004</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-004#comments</comments><pubDate>Tue, 13 Jan 2026 12:04:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-004</guid><description>It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-003: Broken Access Control in Recycler Module</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-003</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-003#comments</comments><pubDate>Tue, 13 Jan 2026 12:03:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-003</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-002: Broken Access Control in Redirects Module</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-002</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-002#comments</comments><pubDate>Tue, 13 Jan 2026 12:02:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-002</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-001: Broken Access Control in Edit Document Controller</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-001</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-001#comments</comments><pubDate>Tue, 13 Jan 2026 12:01:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-001</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-EXT-SA-2025-016: Vulnerability in bundled package in extension &quot;Single Sign-on with SAML&quot; (md_saml)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-016</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-016#comments</comments><pubDate>Wed, 17 Dec 2025 10:00:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-016</guid><description>It has been discovered that the extension &quot;Single Sign-on with SAML&quot; (md_saml) bundles a vulnerable version of “onelogin/php-saml“ which is susceptible to Authentication Bypass.</description></item>


    
        
<item><title>Report from the TYPO3 Code Sprint in Geneva</title><link>https://news.typo3.com/article/report-from-the-typo3-code-sprint-in-geneva</link><comments>https://news.typo3.com/article/report-from-the-typo3-code-sprint-in-geneva#comments</comments><pubDate>Mon, 17 Nov 2025 11:06:28 +0100</pubDate><dc:creator>Michael Binder</dc:creator><guid>https://news.typo3.com/article/report-from-the-typo3-code-sprint-in-geneva</guid><description>27–31 October, TYPO3 contributors got together in Geneva, Switzerland, for a TYPO3 Code Sprint. It wasn’t just the Core Team — anyone interested in improving TYPO3 was welcome to join and this time, I had the pleasure of joining for the very first time.</description><enclosure
            length="1377707"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/3/2/csm_IMG_1719_142fb459bb.webp" /></item>


    
        
<item><title>TYPO3-EXT-SA-2025-015: Broken Authentication in extension &quot;Modules&quot; (modules)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-015</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-015#comments</comments><pubDate>Wed, 12 Nov 2025 11:31:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-015</guid><description>It has been discovered that the extension &quot;Modules&quot; (modules) is susceptible to Broken Authentication.
</description></item>


    
        
<item><title>TYPO3-EXT-SA-2025-014: Vulnerability in bundled package in extension &quot;Forms Export&quot; (frp_form_answers)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-014</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-014#comments</comments><pubDate>Wed, 12 Nov 2025 11:30:00 +0100</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-014</guid><description>It has been discovered that the extension &quot;Forms Export&quot; (frp_form_answers) bundles a vulnerable version of &quot;phpoffice/phpspreadsheet&quot;, which is susceptible to Server-Side Request Forgery.</description></item>


    
        
<item><title>TYPO3 13.4.20 and 12.4.39 maintenance releases published</title><link>https://news.typo3.com/article/typo3-13420-and-12439-maintenance-releases-published</link><comments>https://news.typo3.com/article/typo3-13420-and-12439-maintenance-releases-published#comments</comments><pubDate>Tue, 11 Nov 2025 12:10:00 +0100</pubDate><dc:creator>Benni Mack</dc:creator><guid>https://news.typo3.com/article/typo3-13420-and-12439-maintenance-releases-published</guid><description>The versions 13.4.20 and 12.4.39 of the TYPO3 Enterprise Content Management System have just been released.</description></item>


    
        
<item><title>ACL Enhancements — Permission Sets in TYPO3</title><link>https://news.typo3.com/article/acl-enhancements-permission-sets-in-typo3</link><comments>https://news.typo3.com/article/acl-enhancements-permission-sets-in-typo3#comments</comments><pubDate>Sun, 02 Nov 2025 21:54:25 +0100</pubDate><dc:creator>Łukasz Uznański</dc:creator><guid>https://news.typo3.com/article/acl-enhancements-permission-sets-in-typo3</guid><description>In this article, Łukasz Uznański outlines the design, development journey (including UX experiments and pitfalls), and practical scenarios for applying permission sets in both new and existing TYPO3 projects.</description><enclosure
            length="341007"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/2/f/csm_pexels-asphotography-101808_ed7a54a85a.webp" /></item>


    
        
<item><title>Content Preview: The Journey of a Side-By-Side Budget Idea</title><link>https://news.typo3.com/article/content-preview-the-journey-of-a-side-by-side-budget-idea</link><comments>https://news.typo3.com/article/content-preview-the-journey-of-a-side-by-side-budget-idea#comments</comments><pubDate>Fri, 24 Oct 2025 13:25:59 +0200</pubDate><dc:creator>Łukasz Uznański</dc:creator><guid>https://news.typo3.com/article/content-preview-the-journey-of-a-side-by-side-budget-idea</guid><description>In this report, Łukasz Uznański shares the story behind his community budget idea and presents the first results of the new Content Preview extension.</description><enclosure
            length="219947"
            type="image/png"
            url="https://news.typo3.com/fileadmin/_processed_/8/a/csm_side-by-side-image4_293b00bbd8.webp" /></item>


    
        
<item><title>Community Budget Report: A Modern Rich Text Editor (RTE) Experience With TipTap</title><link>https://news.typo3.com/article/community-budget-report-a-modern-rich-text-editor-rte-experience-with-tiptap</link><comments>https://news.typo3.com/article/community-budget-report-a-modern-rich-text-editor-rte-experience-with-tiptap#comments</comments><pubDate>Fri, 17 Oct 2025 11:25:05 +0200</pubDate><dc:creator>Florian Langer</dc:creator><guid>https://news.typo3.com/article/community-budget-report-a-modern-rich-text-editor-rte-experience-with-tiptap</guid><description>In this report, Florian Langer shares the story behind his community budget idea and presents the first results of the new TipTap rich-text editor integration.</description><enclosure
            length="76130"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/0/b/csm_tiptap-IMG_9150-vignette_6ef6d7a8cc.webp" /></item>


    
        
<item><title>TYPO3 13.4.19 and 12.4.38 maintenance releases published</title><link>https://news.typo3.com/article/typo3-13419-and-12438-maintenance-releases-published</link><comments>https://news.typo3.com/article/typo3-13419-and-12438-maintenance-releases-published#comments</comments><pubDate>Tue, 14 Oct 2025 13:00:00 +0200</pubDate><dc:creator>Benni Mack</dc:creator><guid>https://news.typo3.com/article/typo3-13419-and-12438-maintenance-releases-published</guid><description>The versions 13.4.19 and 12.4.38 of the TYPO3 Enterprise Content Management System have just been released.</description></item>


    
        
<item><title>Vote Now for the TYPO3 Best Extension Award 2025</title><link>https://news.typo3.com/article/vote-now-for-the-typo3-best-extension-award-2025</link><comments>https://news.typo3.com/article/vote-now-for-the-typo3-best-extension-award-2025#comments</comments><pubDate>Sun, 12 Oct 2025 13:14:00 +0200</pubDate><dc:creator>Myrna Gönnemann</dc:creator><guid>https://news.typo3.com/article/vote-now-for-the-typo3-best-extension-award-2025</guid><description>TYPO3 has always been built on collaboration and the strength of open source. One of the greatest advantages of our ecosystem is the wide range of extensions that make TYPO3 as powerful and flexible as it is. These extensions are created and maintained by individuals and teams who dedicate their time and expertise to improving TYPO3 for everyone.</description><enclosure
            length="165721"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/0/5/csm_Media_Awards_2025_95f0686e99.webp" /></item>


    
        
<item><title>TYPO3-EXT-SA-2025-013: Vulnerability in bundled package in extension &quot;Base Excel&quot; (base_excel)</title><link>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-013</link><comments>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-013#comments</comments><pubDate>Tue, 16 Sep 2025 10:31:00 +0200</pubDate><dc:creator>Torben Hansen</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-ext-sa-2025-013</guid><description>It has been discovered that the extension &quot;Base Excel&quot; (base_excel) bundles a vulnerable version of “phpoffice/phpspreadsheet“ which is susceptible to Server-Side Request Forgery.</description></item>


    



    </channel>
</rss>
