TYPO3 News & Events Hub
What’s New & What’s Coming
Report From the Best Practices Remote Day April 2025
The TYPO3 Best Practices Team gathered for another Remote Day. This time Karsten Nowak and Felix Althaus joined the team members Oliver Klee and Bernd Sengupta. We focused on some long-standing issues with the Tea Example (tea) extension, as well as...
Read moreTYPO3 für kleine Projekte nutzen, Teil 1
Einfache TYPO3-Anleitung: In diesem zweiteiligen Guide lernst du Schritt für Schritt, wie du TYPO3 installierst und für deinen eigenen Blog einrichtest.
Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure Direct Object Reference.
Multiple vulnerabilities in extension "Backup Plus" (ns_backup)
It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site Scripting.
Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)
It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting.
Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
It has been discovered that the extension "Download manager" (reint_downloadmanager) is susceptible to Insecure Direct Object Reference.
TYPO3 9.5.51, 10.4.50, and 11.5.44 ELTS Released
Still sticking to an older version of TYPO3? Today, 9.5.51, 10.4.50 and 11.5.44 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
TYPO3 Trademark Usage: What’s Allowed and What’s Not
Clear guidelines to support your TYPO3 activities — and protect the brand we all share
TYPO3 13.4.12 and 12.4.31 security releases published
The versions 13.4.12 and 12.4.31 of the TYPO3 Enterprise Content Management System have just been released.
Privilege Escalation to System Maintainer
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
Broken Authentication in Backend MFA
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
Unrestricted File Upload in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
Unverified Password Change for Backend Users
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
Server-Side Request Forgery via Webhooks
It has been discovered that TYPO3 CMS is susceptible to server side request forgery..
Information Disclosure via DBAL Restriction Handling
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3 Association Supports an EU Sovereign Tech Fund
At the beginning of this month, the TYPO3 Association submitted a letter of support for an EU Sovereign Tech Fund. The letter was sent to the European Commission alongside letters from fellow open-source CMSs Drupal and Joomla, and the open source...
T3CON24 Recap - Stundensatz vs. wertorientierte Preisgestaltung für Agenturen
Stundensätze begrenzen die Rentabilität. Erfahren Sie, wie TYPO3-Agenturen mit wertorientierter Preisgestaltung ihren Umsatz maximieren, Kundenbeziehungen verbessern und nachhaltig skalieren können.
TYPO3 13.4.11 and 12.4.30 maintenance releases published
The versions 13.4.11 and 12.4.30 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3 als digitales öffentliches Gut: Ein Interview mit Mathias Bolt Lesniak
TYPO3-Projektbotschafter Mathias Bolt Lesniak über die Aufnahme von TYPO3 in das Digital Public Good Registry, den Aufbau eines offenen Webs und die Bedeutung der digitalen Souveränität.