TYPO3 News & Events Hub
What’s New & What’s Coming
Stay up to date with the latest TYPO3 news and announcements by subscribing to our RSS feed.
T3N Magazine 02/2005
The latest issue of the German-language T3N Magazine (02/2005) can now be ordered. The reader can expect a wide spectrum of interesting articles about TYPO3 and other open source technologies.
Mehr erfahrenAnnouncing the News Team
TYPO3 3.8.1 released
SECURITY-BULLETINS-IMPORTANT-SECURITY-ENHANCEMENTS-IN-TYPO3-381: Security Bulletins: Important Security Enhancements in TYPO3 3.8.1
Multiple TYPO3 Security Bulletins have been issued, all of which are addressed by the release of TYPO3 3.8.1.
TYPO3-20051114-7: TYPO3 Security Bulletin
Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information.
TYPO3-20051114-6: TYPO3 Security Bulletin
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/ ) to a numeric value ("1") could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration.
TYPO3-20051114-5: TYPO3 Security Bulletin
For convenience, the TYPO3 Install Tool provides a button sets the "encryptionKey" to a random value. It has been observed that only parts of the generated value are actually random. The overall key is therefore unique and -as of today- considered sufficiently secure. However, the effective key length is not the intended one.
TYPO3-20051114-4: TYPO3 Security Bulletin
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks.
TYPO3-20051114-3: TYPO3 Security Bulletin
Various security issues have been reported for PhpMyAdmin (see www.securityfocus.com/bid/15196 for details.)
TYPO3-20051114-2: TYPO3 Security Bulletin
A Cross Site Scripting issue has been found in showpic.php.