TYPO3 News & Events Hub
What’s New & What’s Coming
SQL Injection in extension "GN Tactics Planner" (sf_gntactics)
It has been discovered that the extension "GN Tactics Planner" (sf_gntactics) is susceptible to SQL Injection.
Read moreHow We Solve Our Password Madness
Storing passwords is easy - get a password manager and you're done. But how to share these passwords between your co-workers or maybe even external people? We know there is no such thing as "the right solution", but we though we'd share how we do...
Hello World. Welcome to the TYPO3 GmbH.
One of the fundamental problems with doing a lot of stuff: Unless you tell what you are doing, people start to think you are not doing anything. So, we understand that the lack of communication in the past weeks wasn't good. Indeed, and we hope...
Submit your 2017 budget application
The budgetary process 2017 officially starts on September 19, 2016.
Diary of the TYPO3 Association (July / August 2016)
Set up of the TYPO3 GmbH is making progress / Association Roadmap to be refined
Cache Flooding in TYPO3 Frontend
It has been discovered, that TYPO3 is vulnerable to Cache Flooding
Cross-Site Scripting in TYPO3 Backend
It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting
TYPO3 CMS 6.2.27, 7.6.11 and 8.3.1 released
The TYPO3 Community announces the versions 6.2.27 LTS, 7.6.11 LTS and 8.3.1 of the TYPO3 Enterprise Content Management System.
Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitr
Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
It has been discovered that the extension "Speaking URLs for TYPO3" (realurl) is susceptible to Denial of Service.
Releasing TYPO3 v8.3
We are happy to announce the next sprint release of TYPO3 v8, another great step of improvements for TYPO3 v8 LTS, expected to be served in April 2017 to you. Read more for details.
New certification badges and print certificates
The wait is over; We've reworked the whole badge system for all certifications. Certified Editors and Certified Developers now finally have a badge and print certificates.
move:elevator is a TYPO3 Platinum Member
Good news for move:elevator – effective immediately, the full-service agency is a TYPO3 Platinum Member. This is the highest member status the TYPO3 Association can award. move:elevator has already realised about 100 projects with this worldwide...
Extension key clean-up - update your typo3.org account
The typo3.org maintenance team is planning clean-up operations for the many unused extension keys.Currently there are over 15,000 extension keys which are still unused (meaning that there was no version uploaded) and blocked by their respective...
June (2016) diary of the TYPO3 Association
Continuing the founding of the TYPO3 company.
TYPO3 CMS 6.2.26, 7.6.10 and 8.2.1 released
The TYPO3 Community announces the versions 6.2.26 LTS, 7.6.10 LTS and 8.2.1 of the TYPO3 Enterprise Content Management System.
Cross-Site Scripting in third party library mso/idna-convert
It has been discovered, that TYPO3 ships example code of mso/idna-convert library that is vulnerable to Cross-Site Scripting
Environment Variable Injection
It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle
Cross-Site Scripting vulnerability in typolinks
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting.
Information Disclosure in TYPO3 Backend
It has been discovered, that TYPO3 is susceptible to Information Disclosure.