TYPO3 News & Events Hub
What’s New & What’s Coming
This Week in TYPO3 (2015, Week 26)
This Week we have TYPO3camp Berlin, T3Rookies Summercamp in Romania, codesprint in France and Roar: Docs! Docs! Docs!
Read moreTYPO3 CMS 6.2.14 and 7.3.1 released
The TYPO3 Community announces the versions 6.2.14 LTS and 7.0.2 of the TYPO3 Enterprise Content Management System.
Access bypass when editing file metadata
It has been discovered, that editors could change, create or delete metadata of files without permission.
Frontend login Session Fixation
It has been discovered that TYPO3 is susceptible to session fixation.
Cross-Site Scripting in Link Handling & File List
It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting.
Information Disclosure possibility exploitable by Editors
It has been discovered, that editors could list all files and folders in the root directory of a TYPO3 installation.
Brute Force Protection Bypass in backend login
It has been discovered, that the backend login brute force protection can be bypassed
Cross-Site Scripting in 3rd party library Flowplayer
It has been discovered, that third party component Flowplayer Flash is vulnerable to cross-site scripting.
Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling)
It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting
This Week in TYPO3 (2015, Week 25)
Neos splits of from the TYPO3 community, release of TYPO3 CMS 7.3, new TYPO3 Agency meetups and events: T3CON15 and T3CON15ASIA
#T3THX – The behind the scene of being a TYPO3 Association Member
With the aim of saying thank you to them, as well as to hear what they would thank the TYPO3 Association for, we asked our Platinum Members to tell us about their experience as crucial supporting part of the TYPO3 Association (T3A).
Member Poll regarding the Neos split
Information about the upcoming poll for members of the TYPO3 Association.
SQL Injection in extension "Akronymmanager" (sb_akronymmanager)
It has been discovered that the extension "Akronymmanager" (sb_akronymmanager) is susceptible to SQL Injection
May diary of the TYPO3 Association
In the era of keywords, if we would have to choose one for the month of May at the TYPO3 Association we would go for “change”.
Announcing TYPO3 CMS 7.3 - More Stability, More Control
The TYPO3 community is pleased to announce the latest version of TYPO3 CMS which serves as another intermediate step towards the final TYPO3 CMS 7 LTS to be released in fall 2015.
Register now for a 2015 TYPO3 Agency Meetup near you!
The marketing team has now finished the preparation and schedule for the 2015 Agency Meetup Days. Register now for an event in your area. Find some more information on the Agency Days: An
Arbitrary Code Execution in extension Job Fair (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Arbitrary Code Execution
Cross-Site Scripting in extension BE User Log (beko_beuserlog)
It has been discovered that the extension "BE User Log" (beko_beuserlog) is susceptible to Cross-Site Scripting
Arbitrary Code Execution in extension Frontend User Upload (feupload)
It has been discovered that the extension "Frontend User Upload" (feupload) is susceptible to Arbitrary Code Execution
SQL Injection vulnerability in extension wt_directory (wt_directory)
It has been discovered that the extension "wt_directory" (wt_directory) is susceptible to SQL Injection