TYPO3 News & Events Hub
What’s New & What’s Coming
Stay up to date with the latest TYPO3 news and announcements by subscribing to our RSS feed.
TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor
It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.
Mehr erfahrenTYPO3 v7.6.36 and 6.2.42 ELTS Released
Are you still sticking to an older version of TYPO3? Recently, TYPO3 v7.6.36 and 6.2.42 ELTS have been released. Staying on top of maintenance and security updates should be a top priority. Gain peace of mind by opting for one of TYPO3 GmbH’s ELTS offers.
Teamleader Meeting March / April 2019
The leaders of the official teams and committees of the TYPO3 projects met to their monthly meeting. Highlight was a workshop, to improve communication. Once in a month our leaders met in an online meeting, to coordinate all efforts for our project. In March and April we had two meetings. One regular online meeting and one real life meeting in Leipzig.
TYPO3 9.5.6 and 8.7.25 security releases published
The TYPO3 Community announces the versions 9.5.6 LTS and 8.7.25 LTS of the TYPO3 Enterprise Content Management System.
TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)
It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)
It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.
TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)
It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)
It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.
TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.
TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.