TYPO3 News & Events Hub
What’s New & What’s Coming
T3DD 2019—Sponsor One of the Biggest TYPO3 Events of the Year
If you would like to support TYPO3 Developer Days 2019, we would be happy to hear from you!
Rebooting the Content Group
The TYPO3 Content Group is reorganizing, rebooting, and growing! We’re looking for new members: come join our next meeting on Tuesday, 28 May 2019, 10:30 CET. It’s really easy to get involved: find out first-hand from our current contributors!
Outsmarting the Lifecycle of Outdated Websites With toujou
Prevent outdated TYPO3 websites on old PHP versions from going offline! Read about the journey of TYPO3 GmbH’s partner DFAU with "toujou": a website builder that sets out to outsmart the end-of-life cycle as a tool for agencies and companies.
By-passing protection of Phar Stream Wrapper Interceptor
It has been discovered that the protection against insecure deserialization can be by-passed in the Phar Stream Wrapper component.
TYPO3 v7.6.36 and 6.2.42 ELTS Released
Are you still sticking to an older version of TYPO3? Recently, TYPO3 v7.6.36 and 6.2.42 ELTS have been released. Staying on top of maintenance and security updates should be a top priority. Gain peace of mind by opting for one of TYPO3 GmbH’s ELTS...
Teamleader Meeting March / April 2019
The leaders of the official teams and committees of the TYPO3 projects met for their monthly meeting. The highlight was a workshop to improve communication. Once a month our leaders meet in an online meeting to coordinate all efforts for our...
TYPO3 9.5.6 and 8.7.25 security releases published
The TYPO3 Community announces the versions 9.5.6 LTS and 8.7.25 LTS of the TYPO3 Enterprise Content Management System.
SQL Injection in extension "comsolit Suggest" (comsolit_suggest)
It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.
Arbitrary File Upload in extension "Yet Another Gallery" (yag)
It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.
SQL Injection in extension "Event Calender" (pits_wd_calender)
It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.
Cross Site Scripting in extension "Instagram" (ws_instagram)
It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.
Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.
Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)
It has been discovered that the extension "ImageOptimizer" (imageoptimizer) is susceptible to Remote Code Execution.
Open Redirect in extension "Hairu" (hairu)
It has been discovered that the extension "Hairu" (hairu) is susceptible to an Open Redirect.
SQL Injection in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to SQL Injection.
Security Misconfiguration since TYPO3 9.4.0
It has been discovered that TYPO3 is susceptible to security misconfiguration.
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
It has been discovered that the third-party library Bootstrap CSS toolkit bundled with TYPO3 is vulnerable to cross-site scripting through prototype pollution.
Cross-Site Scripting in jQuery before 3.4.0
It has been discovered that the third-party library jQuery bundled with TYPO3 is vulnerable to cross-site scripting through prototype pollution.