TYPO3 News & Events Hub

What’s New & What’s Coming

TYPO3-20051114-5: TYPO3 Security Bulletin

For convenience, the TYPO3 Install Tool provides a button that sets the "encryptionKey" to a random value. It has been observed that only parts of the generated value are actually random. The overall key is therefore unique and, as of today, considered sufficiently secure. However, the effective key length is not the intended one.

TYPO3-20051114-4: TYPO3 Security Bulletin

In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks.

TYPO3-20051114-1: TYPO3 Security Bulletin

The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set, this will create a backup copy and append a "~" to the original file name. This leads to file names that may be delivered as text files by a web server. Thus, sensitive information (e.g. the content of localconf.php) may be disclosed.

TYPO3-20051107-2: th_mailformplus

A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.

TYPO3-20051107-1: chc_forum

A bug has been discovered in the "CHC Forum" (chc_forum) extension where some JavaScript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code.

Scalable Inman Flash Replacement

TYPO3 implementation of Scalable Inman Flash Replacement, a method to insert rich typography into web pages without sacrificing accessibility, search engine friendliness, or markup semantics. In an email interview I recently had with Maximo Cuadros Ortiz, the author of the sIFR extension, he tells us a little bit about his work and motivation.