TYPO3 News & Events Hub
What’s New & What’s Coming
Vote Now! Budget 2025 Ideas for Q4/2025 Have Been Published
The call for community budget ideas for the fourth quarter of 2025 was successful: Nine of nine ideas have made it to the poll. These ideas can now be discussed and TYPO3 Association members can cast their vote.
Read moreVulnerability in bundled package in extension "Base Excel" (base_excel)
It has been discovered that the extension "Base Excel" (base_excel) bundles a vulnerable version of “phpoffice/phpspreadsheet“ which is susceptible to Server-Side Request Forgery.
Cross-Site Scripting in extension "Form to Database" (form_to_database)
It has been discovered that the extension "Form to Database" (form_to_database) is susceptible to Cross-Site Scripting.
Community Budget Report: Pinned Content Elements
Georg Ringer provides an update on his Community Budget for Q3/2025: In the third quarter of 2025, I had the opportunity to work on a new extension which improves the workflow for editors.
Information Disclosure via CSV Download
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Information Disclosure in Workspaces Module
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Broken Access Control in Backend AJAX Routes
It has been discovered that TYPO3 CMS is susceptible to broken access control.
Information Disclosure via File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Insufficient Entropy in Password Generation
It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.
Denial of Service in TYPO3 Bookmark Toolbar
It has been discovered that TYPO3 CMS is susceptible to denial of service.
Open Redirect in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to open redirect.
TYPO3 13.4.18 and 12.4.37 security releases published
The versions 13.4.18 and 12.4.37 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3 9.5.55, 10.4.54, and 11.5.48 ELTS Released
Still sticking to an older version of TYPO3? Today, 9.5.55, 10.4.54 and 11.5.48 have been released. Staying on top of maintenance updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
This Month in TYPO3: August 2025 [Issue #28]
August saw an open call for Q4 community-budget ideas, a milestone localization update welcoming new language teams, and a heartfelt tribute to Symfony’s Ryan Weaver. It’s a month to propose bold initiatives, amplify global voices, and appreciate...
Meet the 2025 TYPO3 Awards Jury – Submit Your Projects until 15 September
It’s that time of year again! The 2025 TYPO3 Conference (25-27 November) and Awards Gala (27 November) in Düsseldorf, Germany, are just around the corner, and we’re thrilled to introduce the expert jury who will be selecting this year’s winners.
Command Injection in extension "TYPO3 Backup Plus" (ns_backup)
It has been discovered that the extension "TYPO3 Backup Plus" (ns_backup) is susceptible to Command Injection.
TYPO3 at DMEXCO 2025: Five Reasons to Be Excited
The TYPO3 team will be attending DMEXCO 2025. Learn about the most exciting talks, learning opportunities and networking taking place at DMEXCO and the TYPO3 booth.
Coders' Corner: August 2025
Celebrating TYPO3 contributors! See last month’s numbers, patches, reviews, translations, and the amazing developers behind our open source success.
Remembering Ryan Weaver From the Symfony Project
It is with deep sadness that I learned about the passing of Ryan Weaver on 25 August 2025. Ryan was a beloved teacher, Symfony core team member, and a true inspiration in the PHP open source community.
TYPO3 Community Expansion Committee: Activity Update January–July 2025
During the first half of 2025, the TYPO3 Community Expansion Committee continued its efforts to promote TYPO3 internationally, focusing on institutional adoption, strategic partnerships, and public-sector digital transformation.