TYPO3 News & Events Hub
What’s New & What’s Coming
Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.
Read moreMultiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.
Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)
It has been discovered that the extension "ImageOptimizer" (imageoptimizer) is susceptible to Remote Code Execution.
Open Redirect in extension "Hairu" (hairu)
It has been discovered that the extension "Hairu" (hairu) is susceptible to an Open Redirect.
SQL Injection in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to SQL Injection.
Security Misconfiguration since TYPO3 9.4.0
It has been discovered that TYPO3 is susceptible to security misconfiguration.
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
It has been discovered that 3rd party library Bootstrap CSS toolkit bundled with TYPO3 is vulnerable to cross-site scripting through prototype pollution.
Cross-Site Scripting in jQuery before 3.4.0
It has been discovered that 3rd party library jQuery bundled with TYPO3 is vulnerable to cross-site scripting through prototype pollution.
Cross-Site Scripting in Fluid Engine
It has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
Possible Arbitrary Code Execution in Image Processing
It has been discovered, that TYPO3 CMS is vulnerable to arbitrary code execution.
Security Misconfiguration in User Session Handling
It has been discovered, that TYPO3 CMS is susceptible to security misconfiguration.
Information Disclosure in User Authentication
It has been discovered, that TYPO3 CMS is susceptible to information disclosure.
Information Disclosure in Page Tree
It has been discovered, that TYPO3 CMS is susceptible to information disclosure.
April 2019: Developer Appreciation Day (DAD)
As always, a new month starts off with Developer Appreciation Day (DAD): We‘d like to tip our hats to the devoted TYPO3 developers who contributed to the TYPO3 project during April. Thanks a lot, everyone! Find the contributor’s names and some truly...
Results of the TYPO3 Association Elections 2019
The TYPO3 Association (T3A) communicates the results of the 2019 elections for the Board and Business Control Committee (BCC).
Digital Marketing with Mautic and TYPO3
Are you looking for an inbound marketing alternative? The Mautic integration for TYPO3 makes TYPO3 CMS an excellent choice for digital marketers. Learn more details about the integration and its benefits in our newest article!
T3DD 2019—Early Bird Ticket Sale Closing Soon!
It’s your last chance to buy early bird tickets by Tuesday, 30 April, 23:59 CET. Come to TYPO3 Developer Days to have fun, meet friends, and learn together.
SkillDisplay - Attend #T3CVIE as an Educator
SkillDisplay is an Erasmus+ supported project which focuses on education. Therefore, they offer free tickets for #T3CVIE to educators who are interested in web technologies. This blog post is about the event, its sessions and the resources...
PhpStorm—a Short Review
For some years JetBrains is offering free PhpStorm licenses for active TYPO3 Core developers. Its now time to give back and provide a short report about my experience with PhpStorm.
T3DD from Devs for Devs—Call for Participation
Speakers—Step Up to the Mike—at TYPO3 Developer Days 2019 in Karlsruhe!