TYPO3 News & Events Hub
What’s New & What’s Coming
Report From “QA Best Practices Usable by Community” (August 2021)
Thanks to all of the community members who voted for our budget. This report will provide an overview of the outcome for the first half of this year.
TYPO3 7.6.53 and 8.7.42 ELTS Released
Still sticking to an older version of TYPO3? Today, 7.6.53 and 8.7.42 have been released. Staying on top of maintenance updates should be a top priority. Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
SQL Injection in extension "Newsletter" (newsletter)
It has been discovered that the extension "Newsletter" (newsletter) is susceptible to SQL Injection.
Multiple vulnerabilities in Extension "Dated News" (dated_news)
It has been discovered that the extension "Dated News" (dated_news) is susceptible to SQL Injection, Cross-Site Scripting, Information Disclosure and Broken Access Control.
Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)
It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Cross Site Scripting.
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
It has been discovered that the extension "Miniorange Saml" (miniorange_saml) is susceptible to Cross-Site Scripting, Sensitive Data Exposure and vulnerable 3rd Party Components.
Cross-Site Scripting in Extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site Scripting.
Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
It has been discovered that the extension "Deferred image processing" (deferred_image_processing) is susceptible to Denial of Service.
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
It has been discovered that the extension “Extbase Yaml Routes” (routes) is susceptible to Sensitive Information Disclosure.
Cross-Site Scripting via Rich-Text Content
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3 11.3.2, 10.4.19, 9.5.29, 8.7.42, 7.6.53 security releases published
The versions 11.3.2, 10.4.19, 9.5.29, 8.7.42, 7.6.53 of the TYPO3 Enterprise Content Management System have just been released.
The TYPO3 Demo Project Meets Hebrew
Have you ever wanted to see a TYPO3 website with a right-to-left language? Well now you can! We are happy to announce that the TYPO3 demo project is now available in Hebrew.
July 2021: Developer Appreciation Day (DAD)
Each month, we take the opportunity to celebrate contributors in our Developer Appreciation Day post. Please take a moment to share gratitude for their continued passion, commitment, and time they give to making TYPO3 CMS awesome.
Documentation Restructuring—Status Update
We are pleased to announce that the first stage of the documentation restructuring process has been completed. The documentation homepage and the global menu changes were published last week and contain a new layout for the homepage and a...
TYPO3 7.6.52 and 8.7.41 ELTS Released
Still sticking to an older version of TYPO3? Today, 7.6.52 and 8.7.41 have been released. Staying on top of maintenance updates should be a top priority. Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
TYPO3 11.3.1, 10.4.18, 9.5.28, 8.7.41, 7.6.52 security releases published
The versions 11.3.1, 10.4.18, 9.5.28, 8.7.41, 7.6.52 of the TYPO3 Enterprise Content Management System have just been released.
CSV Code Injection
It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external applications.
Sensitive links in search results of TYPO3 extension indexed_search
It has been discovered that the TYPO3 extension “Indexed Search” may index sensitive links under certain conditions.
Information Disclosure in User Authentication
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Cross-Site Scripting in Backend Grid View
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.