TYPO3 News & Events Hub
What’s New & What’s Coming
Multiple vulnerabilities in extension "Adminer" (t3adminer)
It has been discovered that the extension "Adminer" (t3adminer) is susceptible to Server-side request forgery and Cross-Site Scripting.
SQL Injection in extension "One is Enough Library" (oelib)
It has been discovered that the extension "One is Enough Library" (oelib) is susceptible to SQL Injection.
SQL Injection in extension "Seminar Manager" (seminars)
It has been discovered that the extension "Seminar Manager" (seminars) is susceptible to SQL Injection.
Remote Code Execution in extension "Job portal" (psvneo_jobfair)
It has been discovered that the extension "Job portal" (psvneo_jobfair) is susceptible to Remote Code Execution.
Harbor Talk Videos
Did you happen to catch the TYPO3 Harbor Talks video series? TYPO3 Project Lead Benni Mack joins Mathias Schreiber, CEO at TYPO3 GmbH, in the Media Harbor in Düsseldorf, Germany, for a series of bite-sized talks about TYPO3.
TYPO3 11.5.9 and 10.4.27 maintenance releases published
The versions 11.5.9 and 10.4.27 of the TYPO3 Enterprise Content Management System have just been released.
Presentation: Candidates for the Board and Business Control Committee Elections
The nomination phase for the upcoming elections to the TYPO3 Association Board and Business Control Committee (BCC) ended on Tuesday and we're happy to present the candidates.
University students help showcase TYPO3 in the UK
Between December 2021 and February 2022 members of the TYPO3 GmbH visited second-year Graphic Communication students to deliver a client pitch where students were asked to produce a short animated video to promote TYPO3 in the UK.
Open Discussion on the TYPO3 Association Budget Ideas for 2022
As you may already know, the Business Control Committee (BCC) launched a process to generate ideas for the 2022 budget. We have received many great ideas that we’d like you to help us select from.
The FGTCLB Joins TYPO3 Platinum Membership
Knowledge exchange and community involvement are the motivation for one of the world’s largest TYPO3 agency networks joining the top-tier TYPO3 Association membership.
Code the TYPO3 Core in 2022
Every year we re-evaluate the Core development workflow and open it up for new people to join the effort of driving TYPO3 Core's development further. Maybe 2022 could be your year to join?
Now in Effect: the New Code of Conduct
The community vote concluded with 71 votes for and 4 votes against. The proposal has been approved and the new Code of Conduct for the TYPO3 community is in effect.
TYPO3 11.5.8 and 10.4.26 maintenance releases published
The versions 11.5.8 and 10.4.26 of the TYPO3 Enterprise Content Management System have just been released.
TYPO3 11.5.7 and 10.4.25 maintenance releases published
The versions 11.5.7 and 10.4.25 of the TYPO3 Enterprise Content Management System have just been released.
Sanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
We Need You for the Board and the Business Control Committee!
Are you a passionate member of the TYPO3 community? Do you have a vision for the future of TYPO3? Whether you are a developer or non-code contributor, TYPO3 needs dedicated people to help guide and serve the community.
File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)
It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
Insecure direct object reference in extension "Varnishcache" (varnishcache)
It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
Server-side request forgery in extension "Kitodo.Presentation" (dlf)
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.