TYPO3 News & Events Hub
What’s New & What’s Coming
TYPO3 7.6.54 and 8.7.43 ELTS Released
Still sticking to an older version of TYPO3? Today, 7.6.54 and 8.7.43 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
Read moreTYPO3 10.4.20, 9.5.30 and 11.3.3 maintenance releases published
The versions 10.4.20, 9.5.30 and 11.3.3 of the TYPO3 Enterprise Content Management System have just been released.
About the Latest TYPO3 Core Security Release
The security releases published on Tuesday, August 10, 2021, contained a very important security bug fix. It removes malicious and incorrect HTML from rich-text-enabled fields. However, it has also caused problems for a number of sites.
Report From “QA Best Practices Usable by Community” (August 2021)
Thanks to all of the community members who voted for our budget. This report will provide an overview of the outcome for the first half of this year.
TYPO3 7.6.53 and 8.7.42 ELTS Released
Still sticking to an older version of TYPO3? Today, 7.6.53 and 8.7.42 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
SQL Injection in extension "Newsletter" (newsletter)
It has been discovered that the extension"Newsletter" (newsletter) is susceptible to SQL Injection.
Multiple vulnerabilities in Extension "Dated News" (dated_news)
It has been discovered that the extension"Dated News" (dated_news) is susceptible to SQL Injection, Cross-Site Scripting, Information Disclosure and Broken Access Control.
Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)
It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Cross Site Scripting.
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
It has been discovered that the extension "Miniorange Saml" (miniorange_saml) is susceptible to Cross-Site Scripting, Sensitive Data Exposure and vulnerable 3rd Party Components.
Cross-Site Scripting in Extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site Scripting.
Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
It has been discovered that the extension "Deferred image processing" (deferred_image_processing) is susceptible to Denial of Service.
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
It has been discovered that the extension “Extbase Yaml Routes” (routes) is susceptible to Sensitive Information Disclosure.
Cross-Site Scripting via Rich-Text Content
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3 11.3.2, 10.4.19, 9.5.29, 8.7.42, 7.6.53 security releases published
The versions 11.3.2, 10.4.19, 9.5.29, 8.7.42, 7.6.53 of the TYPO3 Enterprise Content Management System have just been released.
The TYPO3 Demo Project Meets Hebrew
Have you ever wanted to see a TYPO3 website with a right-to-left language? Well now you can! We are happy to announce that the TYPO3 demo project is now available in Hebrew.
July 2021: Developer Appreciation Day (DAD)
Each month, we take the opportunity to celebrate contributors in our Developer Appreciation Day post. Please take a moment to share gratitude for their continued passion, commitment, and time they give to making TYPO3 CMS awesome.
Documentation Restructuring—Status Update
We are pleased to announce that the first stage of the documentation restructuring process has been completed. The documentation homepage and the global menu changes were published last week and contain a new layout for the homepage and a...
TYPO3 7.6.52 and 8.7.41 ELTS Released
Still sticking to an older version of TYPO3? Today, 7.6.52 and 8.7.41 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
TYPO3 11.3.1, 10.4.18, 9.5.28, 8.7.41, 7.6.52 security releases published
The versions 11.3.1, 10.4.18, 9.5.28, 8.7.41, 7.6.52 of the TYPO3 Enterprise Content Management System have just been released.
CSV Code Injection
It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external applications.