TYPO3 News & Events Hub
What’s New & What’s Coming
Report From the Best Practices Remote Day April 2025
The TYPO3 Best Practices Team gathered for another Remote Day. This time Karsten Nowak and Felix Althaus joined the team members Oliver Klee and Bernd Sengupta. We focused on some long-standing issues with the Tea Example (tea) extension, as well as...
Read moreTYPO3 Pulse #01 – Accessibility
May is Accessibility Month, and this edition’s content focuses on accessibility-related topics, along with content on open source for the public good.
Using TYPO3 for Small Projects Pt. 1
Discover how easy it is to install TYPO3 and use it for your personal blog or microsite—even beyond enterprise projects.
Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure Direct Object Reference.
Multiple vulnerabilities in extension "Backup Plus" (ns_backup)
It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site Scripting.
Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)
It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting.
Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
It has been discovered that the extension "Download manager" (reint_downloadmanager) is susceptible to Insecure Direct Object Reference.
TYPO3 9.5.51, 10.4.50, and 11.5.44 ELTS Released
Still sticking to an older version of TYPO3? Today, 9.5.51, 10.4.50 and 11.5.44 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
TYPO3 Trademark Usage: What’s Allowed and What’s Not
Clear guidelines to support your TYPO3 activities — and protect the brand we all share
TYPO3 13.4.12 and 12.4.31 security releases published
The versions 13.4.12 and 12.4.31 of the TYPO3 Enterprise Content Management System have just been released.
Privilege Escalation to System Maintainer
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
Broken Authentication in Backend MFA
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
Unrestricted File Upload in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
Unverified Password Change for Backend Users
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
Server-Side Request Forgery via Webhooks
It has been discovered that TYPO3 CMS is susceptible to server side request forgery..
Information Disclosure via DBAL Restriction Handling
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3 Trademark Usage: What’s Allowed and What’s Not
Clear guidelines to support your TYPO3 activities — and protect the brand we all share
TYPO3 Association Supports an EU Sovereign Tech Fund
At the beginning of this month, the TYPO3 Association submitted a letter of support for an EU Sovereign Tech Fund. The letter was sent to the European Commission alongside letters from fellow open-source CMSs Drupal and Joomla, and the open source...
T3CON24 Recap – Hourly vs. Value-Based Pricing for Agencies
Hourly rates limit profitability. Learn how TYPO3 agencies can use value-based pricing to maximize revenue, improve client relationships, and scale sustainably.