TYPO3 News & Events Hub
What’s New & What’s Coming
Extension Repository Shows Localization Status
The TYPO3 Extension Repository now includes the status of translations for extensions drawn from Crowdin. This is an exciting development because TYPO3 is an international community. Previously, it was difficult to find out the status of translation...
Read moreA First Glimpse of TYPO3 v11
TYPO3 v11 System Requirements and Release Dates.
SkillDisplay - Learning Resources for TYPO3 Beginners
SkillDisplay’s blog post is about TYPO3 learning resources for beginners including YouTube channels, TYPO3 docs and free-trail TYPO3 instances. Figure out how to use and contribute to the resources in the step by step guide provided. Thank you to...
An Open Discussion on the TYPO3 Association Budget Ideas for 2021
As you may already know, the Board launched a process to generate ideas for the 2021 Budget. We have received so many great ideas that we’d like you to help us select from them.
TYPO3 v6.2.55, 7.6.49, and 8.7.38 ELTS Released
Still sticking to an older version of TYPO3? Today, TYPO3 v6.2.55 ELTS, 7.6.49, and 8.7.38 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support...
TYPO3 10.4.10 and 9.5.23 security releases published
The versions 10.4.10 and 9.5.23 of the TYPO3 Enterprise Content Management System have just been released.
Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
Repeating and refining public service announcement TYPO3-PSA-2019-010.
Protecting Install Tool with Sudo Mode
Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.
XML External Entity in Dashboard Widget
It has been discovered that TYPO3 CMS is susceptible to XML external entity processing.
Cleartext storage of session identifier
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
Cross-Site Scripting in Fluid view helpers
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting..
Cross-Site Scripting through Fluid view helper arguments
It has been discovered that the Fluid Engine is vulnerable to cross-site scripting.
Denial of Service in extension "Authenticator" (defbu_authenticator)
It has been discovered that the extension "Authenticator" (defbu_authenticator) is susceptible to Denial of Service.
Sensitive Data Exposure in extension "View frontend statistics" (view_statistics)
It has been discovered that the extension "View frontend statistics" (view_statistics) is susceptible to Sensitive Data Exposure.
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpmyadmin" (phpmyadmin) is susceptible to SQL Injection and Cross-Site Scripting.
Successful TYPO3 Accessibility Sprint
The first remote accessibility sprint took place from 21st to 23rd of October 2020 and it was successful indeed. During these three productive days we focused on knowledge sharing, addressing open issues, and creating a practical checklist for...
Community Ombudsperson—What Are Your Thoughts?
Just before the Developer Days 2019, a small group was formed to look into setting up a formal body to ensure the wellbeing of everyone in the community—so-called ombudspersons. Now, we’re asking for your input.
TYPO3 on AWS Elastic Beanstalk
Among the wide range of options for professional TYPO3 hosting in the cloud is AWS Elastic Beanstalk; an easy-to-use service for deploying and scaling web applications. Learn more about this solution and how to deploy TYPO3 instances in this article.
Bringing Rector to TYPO3 for Automated Upgrades
Keeping up with changes is challenging at the best of times. There are some good tools to help keep track of changes, but they still require tedious manual labor. What if you had a tool that would not only keep you but also your codebase up to date?...
Server Team Status Report—November 2020
After one meeting in person early this year, all our subsequent sprints were forced into remote calls due to the ongoing pandemic. Nevertheless, we’ve used the sprint dates we had already agreed upon to tackle our duties from home.