TYPO3 News & Events Hub
What’s New & What’s Coming
TYPO3 11.5.7 and 10.4.25 maintenance releases published
The versions 11.5.7 and 10.4.25 of the TYPO3 Enterprise Content Management System have just been released.
Read moreSanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
We Need You for the Board and the Business Control Committee!
Are you a passionate member of the TYPO3 community? Do you have a vision for the future of TYPO3? Whether you are a developer or non-code contributor, TYPO3 needs dedicated people to help guide and serve the community.
File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)
It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
Insecure direct object reference in extension "Varnishcache" (varnishcache)
It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
Server-side request forgery in extension "Kitodo.Presentation" (dlf)
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
New Code of Conduct: Cast Your Vote
All my.typo3.org users can vote to accept or reject the new Code of Conduct for the TYPO3 community. To give it the broadest possible foundation, this vote is also open to those without a TYPO3 Association membership. Voting closes 7 March, 2022.
TYPO3 and its Accessibility in the Backend
Two accessibility case studies from the daily work of a blind editor, and the experience of a blind tester.
Team Report 2021—typo3.org Website Team
As in 2020, last year we had a focus on typo3.org Remote Days—two times a month we held remote meetings and worked on the typo3.org pages. No physical meetings were possible and consequently, we suffered a loss in contributions.
TYPO3 11.5.6 and 10.4.24 maintenance releases published
The versions 11.5.6 and 10.4.24 of the TYPO3 Enterprise Content Management System have just been released.
Call for Budget Application Ideas—Association Budget 2022
The Business Control Committee (BCC) is asking the TYPO3 community to submit their ideas for the 2022 Association budget. For this year we would like to focus on innovative ideas to foster and grow TYPO3 and the community.
TYPO3 Documentation Team Report 2021
The TYPO3 documentation tools are constantly improved by the TYPO3 Documentation Team to support you, the reader, in getting comprehensive information and quickly finding answers to your questions, and to help you, the author, in creating...
Report From the TYPO3 Quality Assurance Initiative
Thanks to all of the community members who voted for our budget. This report will provide an overview of the outcome for the second half of 2021.
New System Requirements for Upcoming TYPO3 v12
TYPO3 v12 LTS will be released in April 2023. With every major TYPO3 version, we increase the minimum requirements to evolve with the ecosystem running TYPO3.
TYPO3 11.5.5 and 10.4.23 maintenance releases published
The versions 11.5.5 and 10.4.23 of the TYPO3 Enterprise Content Management System have just been released.
December 2021: Developer Appreciation Day (DAD)
Each month, we take the opportunity to celebrate contributors in our Developer Appreciation Day post. Please take a moment to share gratitude for their continued passion, commitment, and time they give to making TYPO3 CMS awesome.
Extension Award 2021—Announcing the Winners
The TYPO3 Extension Award for Best Documentation 2021 has the following winners:
Meet Thomas “Spoony” Löffler, TYPO3 Freelancer and Contributor, Germany (Application Podcast S02E13)
In this episode, we speak with TYPO3 Team Lead Thomas “Spoony” Löffler, a developer and contributor to TYPO3 since 2005. Thomas loves attending TYPO3 events, and he also runs his own one-person TYPO3 agency, Spooner Web. We speak about his extensive...
Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services used in web application scenarios may be affected.