Official TYPO3 News

Team Budget Report: Update the Educational Sitepackage Extension and Tutorial

Fri, 22 May 2026 00:00:00 +0200

This is a report about the implementation of the documentation team budget idea: Update the Sitepackage Extension and Tutorial for TYPO3 v14.

TYPO3 Education Committee Sprint, April 2026

Wed, 20 May 2026 00:00:00 +0200

The TYPO3 Education Committee gathered in Lübeck, Germany, for a three-day working sprint to update its certification program for TYPO3 v14. Here's a look at what the team accomplished — and what's coming in August.

Remote Code Execution in extension "Content Element Selector" (ceselector)

Tue, 19 May 2026 11:06:00 +0200

Release Date: May 19, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Content Element Selector" (ceselector)Composer Package Name: mmc/ceselectorVulnerability Type: Insecure DeserializationAffected Versions: 6.0.0, 5.0.0, 4.0.0 - 4.0.1, 3.0.2 and belowSeverity: CriticalSuggested CVSS v4.0: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences: CVE-2026-46725, CWE-502

Problem Description

The extension fails to safely process untrusted client input of an attacker-controlled cookie directly to PHP's unserialize(). A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server.

Exploitation requires the content element to be configured with "Persistent Mode: Static" in the plugin settings.

Solution

Updated versions 6.0.1, 5.0.1, 4.0.2 and 3.0.3 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/ceselector/6.0.1/zip
https://extensions.typo3.org/extension/download/ceselector/5.0.1/zip
https://extensions.typo3.org/extension/download/ceselector/4.0.2/zip
https://extensions.typo3.org/extension/download/ceselector/3.0.3/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to TYPO3 Security Team member Torben Hansen for reporting the vulnerability and to Matthias Mächler for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

SQL Injection in extension "Address List" (tt_address)

Tue, 19 May 2026 11:05:00 +0200

Release Date: May 19, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Address List" (tt_address)Composer Package Name: friendsoftypo3/tt-addressVulnerability Type: SQL InjectionAffected Versions: 10.0.0, 9.0.0 - 9.1.0, 8.1.1 and belowSeverity: Medium (rated lower than the CVSS score, as the vulnerable method is not invoked by the extension itself)Suggested CVSS v4.0: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences: CVE-2026-8827, CWE-89

Problem Description

The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input leading to SQL Injection.

The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection

Solution

Updated versions 10.0.1, 9.1.1 and 8.1.2 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/tt_address/10.0.1/zip
https://extensions.typo3.org/extension/download/tt_address/9.1.1/zip
https://extensions.typo3.org/extension/download/tt_address/8.1.2/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to TYPO3 Core and Security Team member Georg Ringer for reporting the vulnerability and for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Multiple vulnerabilities in extension "Faceted Search" (ke_search)

Tue, 19 May 2026 11:03:00 +0200

Release Date: May 19, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Faceted Search" (ke_search)Composer Package Name: tpwd/ke_searchVulnerability Type: XML External Entity injection, Path Traversal and Information DisclosureAffected Versions: 7.0.0, 6.0.0 - 6.6.0, 5.6.1 and belowSeverity: MediumSuggested CVSS v4.0: AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:NReferences: CVE-2026-46722, CVE-2026-46723, CVE-2026-46724, CWE-611, CWE-668, CWE-22

Problem Description

The OOXML parsing of the file indexer does not disable external entity resolution, making it susceptible to XML External Entity Injection. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index.

Additionally, the additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names, allowing a backend user with permission to edit indexer configurations to copy sensitive data from internal TYPO3 tables into the search index. Similarly, the file indexer does not normalize the configured directories path, allowing such a user to index documents from arbitrary locations on the server file system through path traversal sequences.

Solution

Updated versions 7.0.1, 6.6.1 and 5.6.2 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/ke_search/7.0.1/zip
https://extensions.typo3.org/extension/download/ke_search/6.6.1/zip
https://extensions.typo3.org/extension/download/ke_search/5.6.2/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to Seungbin Yang for reporting the vulnerabilities and to Christian Bülter for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

SQL Injection in extension "News system" (news)

Tue, 19 May 2026 11:02:00 +0200

Release Date: May 19, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "News system" (news)Composer Package Name: georgringer/newsVulnerability Type: SQL InjectionAffected Versions: 14.0.0 - 14.0.2, 13.0.0 - 13.0.1, 12.0.0 - 12.3.1, 11.4.3 and belowSeverity: HighSuggested CVSS v4.0: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences: CVE-2026-8726, CWE-89

Problem Description

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin.

Exploitation requires the "Date Menu of news articles" plugin to be in use and the TypoScript/Plugin setting disableOverrideDemand not to be enabled.

Solution

Updated versions 14.0.3, 13.0.2, 12.3.2 and 11.4.4 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/news/14.0.3/zip
https://extensions.typo3.org/extension/download/news/13.0.2/zip
https://extensions.typo3.org/extension/download/news/12.3.2/zip
https://extensions.typo3.org/extension/download/news/11.4.4/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to TYPO3 Core Team member Christian Kuhn for reporting the vulnerability and to TYPO3 Core and Security Team member Georg Ringer for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Broken Access Control in extension "Frontend User Registration" (sf_register)

Tue, 19 May 2026 11:01:00 +0200

Release Date: May 19, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Frontend User Registration" (sf_register)Composer Package Name: evoweb/sf-registerVulnerability Type: Broken Access ControlAffected Versions: 14.0.0 - 14.0.1, 13.2.3 and belowSeverity: MediumSuggested CVSS v4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:NReferences: CVE-2026-46721, CWE-915, CWE-639

Problem Description

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to content and functionality restricted to privileged frontend user groups.

Solution

Updated versions 14.0.2 and 13.2.4 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/sf_register/14.0.2/zip
https://extensions.typo3.org/extension/download/sf_register/13.2.4/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to Seungbin Yang for reporting the vulnerability and to Sebastian Fischer for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Remote Code Execution in extension "Site Crawler" (crawler)

Tue, 19 May 2026 11:00:00 +0200

Release Date: May 19, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Site Crawler" (crawler)Composer Package Name: tomasnorre/crawlerVulnerability Type: Insecure DeserializationAffected Versions: 12.0.0 - 12.0.10, 11.0.12 and belowSeverity: HighSuggested CVSS v4.0: AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:LReferences: CVE-2026-8727, CWE-502

Problem Description

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server.

Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task, but can be abused by non-super-admin administrators to escalate privileges.

Solution

Updated versions 12.0.11 and 11.0.13 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/crawler/12.0.11/zip
https://extensions.typo3.org/extension/download/crawler/11.0.13/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to Roman Hergenreder for reporting the vulnerability and to Tomas Norre Mikkelsen for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Changes to the TYPO3 Bug Bounty Program

Tue, 19 May 2026 09:38:00 +0200

Extension security reporting continues — financial rewards for extension findings will end on 31 May 2026.

SEAL Extension Takes the Next Step: Advanced Search, GEO Features and AI Vector Integration

Mon, 18 May 2026 08:43:13 +0200

In this update, Tim Lochmüller reports on his Q1/2026 Community Budget project, confirming that all three milestones of the SEAL ecosystem expansion — covering advanced search, geographical features, and AI vector integration — have been successfully reached.

The Next Wave of TYPO3

Tue, 12 May 2026 12:21:00 +0200

At TYPO3 Surf Camp in Fuerteventura, a new generation of contributors is stepping forward. Reflections on mentorship, community, and the future of TYPO3.

TYPO3 14.3.1 and 13.4.29 maintenance releases published

Tue, 12 May 2026 12:00:00 +0200

The versions 14.3.1 and 13.4.29 of the TYPO3 Enterprise Content Management System have just been released.

This Month in TYPO3: April, 2026

Tue, 05 May 2026 00:00:00 +0200

April was TYPO3's biggest month of the year so far. The TYPO3 v14 LTS release landed on the 21st — redesigned backend, Camino theme baked in, three-plus years of free security support.

TYPO3 Contribution in Numbers: April 2026

Fri, 01 May 2026 06:03:10 +0200

See the full recap of TYPO3's April core contributions with 71 contributors, 214 reviews, bug fixes, features, and a big thank-you to our developers.

Editors Choice: The Top 5 Editor-friendly Features in TYPO3 v14 LTS

Thu, 30 Apr 2026 08:54:00 +0200

Discover the top 5 editor-friendly features in TYPO3 v14 LTS. From a redesigned backend to smarter workflows and guided translations. Content editing made easier than ever.

TYPO3 v12 LTS End of Free Support

Thu, 30 Apr 2026 07:52:00 +0200

Three years after its initial release, 30 April 2026 marks the end of free support for TYPO3 v12 LTS. This is an important milestone for site operators, and it’s worth understanding what this means for your projects and how to keep your TYPO3 instances secure and up to date.

Members Have Selected Four Ideas to be Funded in Round Two 2026

Mon, 27 Apr 2026 00:00:00 +0200

The TYPO3 Association member poll for Round Two in 2026 budget ideas has finished. This time four winning ideas will be funded by the TYPO3 Association.

Hybrid Marketing Sprint for Version 14

Fri, 24 Apr 2026 14:01:00 +0200

From the sunny shores of Fuerteventura to the creative hub of Berlin, the latest TYPO3 Marketing Sprint took our collaboration to a new level. In a hybrid setup, two teams worked simultaneously to turn the strategic goals of TYPO3 v14 into tangible results and to inspire a new generation of TYPO3 enthusiasts.

Coordinated Security Releases for TYPO3 Extensions

Fri, 24 Apr 2026 11:06:10 +0200

When a security vulnerability is found in a TYPO3 extension, how the fix is released matters as much as the fix itself. Here is why coordinated disclosure through the TYPO3 Security Team is essential for the whole ecosystem.

TYPO3 v14 LTS—The Next Generation

Tue, 21 Apr 2026 11:18:00 +0200

Today, we are thrilled to announce TYPO3 v14 LTS, our latest flagship release and a major milestone in TYPO3's evolution. This new era begins with a redesigned and greatly enhanced backend user interface, complemented by innovative features, improvements, and modern technologies.

Cleartext storage of Backend User Passwords

Tue, 21 Apr 2026 11:05:00 +0200

Component Type: TYPO3 CMSSubcomponent: User Profile Settings (ext:backend)Release Date: April 21, 2026Vulnerability Type: Sensitive Data ExposureAffected Versions: 14.2.0Severity: HighSuggested CVSS: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:HReferences: CVE-2026-6553, CWE-312

Problem Description

The backend user settings module (SetupModuleController) incorrectly conflates entity data (like passwords or email address) with user-interface settings (like theme, display options) when persisting changes. As a result, passwords were stored in cleartext in the uc and user_settings fields of the be_users database table.

The cleartext data was only persisted if users changed their credentials in the backend user settings module when the TYPO3 14.2.0 release was used (not in any other version).

Solution

Update to TYPO3 version 14.3.0 LTS that fixes the problem described.

Manual actions required

Updating to the patched release does not retroactively clean existing data. It is recommended to execute all User Settings upgrade wizards in the TYPO3 Install Tool, including the dedicated User Settings Scrubbing wizard, which sanitizes the incorrectly persisted cleartext values from the uc and user_settings fields of the be_users table. Additionally, affected backend user accounts should be assigned new passwords.

Admin Tools → Upgrade → Upgrade Wizard → User Settings Scrubbing

Credits

Thanks to Martin Clewing for reporting this issue, and to TYPO3 core team members Oliver Hader, Stefan Bürk and Garvin Hicking for fixing it.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note

All security-related code changes are tagged so you can easily look them up in our review system.

Unsuccessful Third Election Round for TYPO3 Association Board

Thu, 16 Apr 2026 16:00:42 +0200

None of the remaining candidates achieved 50% of the votes. The election is therefore deemed unsuccessful and the board will have only six members.

What's New in DDEV for TYPO3 Developers

Wed, 15 Apr 2026 11:30:27 +0200

DDEV has shipped a series of updates with real benefits for TYPO3 developers. This roundup covers the highlights: Improved ddev share with TYPO3 hooks, a new dashboard, better Windows installation, new diagnostic utilities, and rootless container support.

TYPO3 13.4.28 and 12.4.45 maintenance releases published

Tue, 14 Apr 2026 13:30:00 +0200

The versions 13.4.28 and 12.4.45 of the TYPO3 Enterprise Content Management System have just been released.

Announcing a Third Election Round for the TYPO3 Association Board

Wed, 08 Apr 2026 20:30:33 +0200

Since none of the remaining candidates achieved 50% of the votes in the second round, members are asked to vote in a final round. If the necessary support is not reached, the election for the third position will be considered unsuccessful.

Vote Now! Budget 2026 Ideas for Round Two Have Been Published

Wed, 08 Apr 2026 10:42:22 +0200

The call for community budget ideas for the second round of 2026 was successful: Seven Community and three Team ideas have made it to the poll. These ideas can now be discussed and TYPO3 Association members can cast their vote.

This Month in TYPO3: March, 2026

Tue, 07 Apr 2026 10:37:48 +0200

March went out with a bang. TYPO3 v14.2 shipped on the final day of the month, the Association elections saw an 18% surge in voter participation, and three extension security advisories landed mid-month. With v14 LTS queued for 21 April and the community calendar filling fast, the momentum heading into spring is undeniable.

Improving Fluid Developer Experience with TYPO3 v14

Thu, 02 Apr 2026 00:00:00 +0200

Simon Praetorius gives us an update on his Community Budget idea for improving the Fluid developer experience — and the first results are already landing in Fluid 5.2.

TYPO3 Contribution in Numbers: March 2026

Wed, 01 Apr 2026 06:03:42 +0200

See the full recap of TYPO3's March core contributions with 66 contributors, 255 reviews, bug fixes, features, and a big thank-you to our developers.

TYPO3 v14.2—Refined Where It Matters

Tue, 31 Mar 2026 07:08:00 +0200

Today we proudly released TYPO3 version 14.2—and you won't be disappointed! You'll find new features, improvements, and optimizations in every corner of the system. Read on to learn more about what's new in the last sprint release before the v14 LTS launch in April 2026.

Results of the 2026 TYPO3 Association Elections

Tue, 31 Mar 2026 07:00:00 +0200

When the election closed, more than 380 members had cast their votes. This is an 18% increase from 2025. Another voting round will take place to select the final board member.

How to Upgrade an Outdated TYPO3 Version: Our Step-by-Step Guide

Thu, 26 Mar 2026 07:00:00 +0100

Learn how to check if your TYPO3 version is outdated and choose the best way to upgrade your TYPO3 website.

TYPO3 and its Accessibility in the Backend — Changes from v6 to v14

Wed, 25 Mar 2026 10:32:51 +0100

A look at how the TYPO3 community has tackled backend accessibility over the years — and what a dedicated sprint in 2025 revealed about how far it's come, and how far it still has to go.

Extended Long-Term Support (ELTS) for TYPO3 v12: Presale starts 1 April 2026

Wed, 25 Mar 2026 09:05:00 +0100

Prepare for the end of TYPO3 v12 LTS free support on 30 April 2026. Consider extending your current system's life with ELTS for critical security updates and bug fixes.

Join the TYPO3 v14 LTS Launch Celebrations

Tue, 24 Mar 2026 06:01:00 +0100

Join the TYPO3 community in marking the release of TYPO3 v14 LTS. The official release day is 21 April 2026, and we’re excited to highlight release parties happening across the ecosystem.

Changing the Playing Field — Visual Editing in TYPO3 v14

Tue, 17 Mar 2026 16:52:11 +0100

Last weekend at Web Camp Venlo, developer Matthias Vogel demonstrated how the default Camino theme supports visual editing in TYPO3 v14. I believe this is a quantum leap for our CMS, both in terms of usability and for its appeal to potential clients.

Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)

Tue, 17 Mar 2026 10:02:00 +0100

Release Date: March 17, 2026Updated: March 22, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "E-Mail MFA Provider" (mfa_email)Composer Package Name: ralffreit/mfa-emailVulnerability Type: Authentication BypassAffected Versions: 2.0.0, 1.0.5 and belowSeverity: HighSuggested CVSS v4.0: AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences: CVE-2026-4208, CWE-288

Problem Description

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.

The vulnerability is only exploitable, when the “E-Mail MFA Provider” is not the default MFA provider and when at least one other MFA provider is available to the user.

Solution

Updated versions 2.0.1 and 1.0.7 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/mfa_email/2.0.1/zip
https://extensions.typo3.org/extension/download/mfa_email/1.0.7/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to Jan Holtkötter for reporting the vulnerability and to Ralf Freit for providing an updated version of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Broken Access Control in extension "Redirect Tab" (redirect_tab)

Tue, 17 Mar 2026 10:01:00 +0100

Release Date: March 17, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Redirect Tab" (redirect_tab)Composer Package Name: ayacoo/redirect-tabVulnerability Type: Broken Access ControlAffected Versions: 4.0.0 - 4.0.4, 3.0.0 - 3.1.6, 2.1.1 and belowSeverity: LowSuggested CVSS v4.0: AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:NReferences: CVE-2026-4202, CWE-862, CWE-200

Problem Description

The extension fails to verify, if an authenticated user has permissions to access redirects resulting in exposure of redirect records when editing a page.

Solution

Updated versions 4.0.5, 3.1.7 and 2.1.2 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/redirect_tab/4.0.5/zip
https://extensions.typo3.org/extension/download/redirect_tab/3.1.7/zip
https://extensions.typo3.org/extension/download/redirect_tab/2.1.2/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to Guido Schmechel for reporting the vulnerability and for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Insecure Deserialization in extension "Mailqueue" (mailqueue)

Tue, 17 Mar 2026 10:00:00 +0100

Release Date: March 17, 2026Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.Component: "Mailqueue" (mailqueue)Composer Package Name: cpsit/typo3-mailqueueVulnerability Type: Insecure DeserializationAffected Versions: 0.5.0 - 0.5.1, 0.4.4 and belowSeverity: MediumSuggested CVSS v4.0: AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:HReferences: CVE-2026-1323, CWE-502

Problem Description

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

Solution

Updated versions 0.5.2 and 0.4.5 are available from the TYPO3 extension manager, packagist and at

https://extensions.typo3.org/extension/download/mailqueue/0.4.5/zip
https://extensions.typo3.org/extension/download/mailqueue/0.5.2/zip

Users of the extension are advised to update the extension as soon as possible.

Credits

Thanks to TYPO3 security team member Elias Häußler for reporting the vulnerability and for providing updated versions of the extension.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

This Month in TYPO3: February, 2026

Fri, 13 Mar 2026 11:29:38 +0100

February kept the momentum going. Two maintenance releases kept production stable, the Board dropped an activity report, and nominations opened for Board and Business Control Committee seats. Content Blocks cleared the v14 milestone, and Europe's digital sovereignty shift moved TYPO3 into sharper strategic focus. March has a packed calendar waiting.

My First Day on the Frontline — Report From a Best Practice Remote Code Sprint

Thu, 12 Mar 2026 09:48:32 +0100

With the new year just around the corner, I attended a Remote Code Sprint of the Best Practices Team for the very first time ever.

First TYPO3 Marketing Sprint 2026 in Berlin

Wed, 11 Mar 2026 07:00:00 +0100

Help us shape the official TYPO3 v14 LTS narrative! Join the hybrid Marketing Sprint in Berlin on April 13-14, 2026. Secure your spot and register now.

TYPO3 13.4.27 and 12.4.44 maintenance releases published

Tue, 10 Mar 2026 13:30:00 +0100

The versions 13.4.27 and 12.4.44 of the TYPO3 Enterprise Content Management System have just been released.

From Billable Hours to Scalable Products

Tue, 10 Mar 2026 07:50:00 +0100

Digital agencies typically grow by taking on more projects and increasing team capacity. This model works well for delivering client services, but it also creates a structural limit: revenue remains closely tied to billable time.

TYPO3 Returns to CloudFest 2026

Mon, 09 Mar 2026 07:00:00 +0100

TYPO3 returns to CloudFest 2026. Explore how we’re collaborating with the FAIR project and Open Website Alliance to prepare for the Cyber Resilience Act.

Second Call for Community Budget Ideas in 2026

Wed, 04 Mar 2026 16:12:20 +0100

The TYPO3 Association has officially launched the second community budget idea process of 2026. This is the second round of the refreshed, more focused approach to funding community-driven and team-driven initiatives.

New TYPO3 Certification Pricing and Bundle Offer – Effective March 2026

Tue, 03 Mar 2026 07:11:00 +0100

Discover the new TYPO3 certification pricing and bundle model effective March 2026. Transparent costs, mock exams, and two-year planning security.

Getting TYPO3 v14 Over the Finish Line: Our Week at the Rosenheim Code Sprint

Mon, 02 Mar 2026 19:58:40 +0100

With a clear mission to complete outstanding v14 tasks, Marno shares the highlights from our team sprint in Rosenheim, Germany, where collaboration and focused effort brought us closer to the final release.

TYPO3 Contribution in Numbers: February 2026

Mon, 02 Mar 2026 13:49:23 +0100

See the full recap of TYPO3's February core contributions with 76 contributors, 239 reviews, bug fixes, features, and a big thank-you to our developers.

We Are Looking for Candidates for the Board and Business Control Committee

Thu, 26 Feb 2026 09:11:00 +0100

Are you a passionate member of the community? Do you have a vision for TYPO3's future? Whether you are a developer or a non-code contributor, TYPO3 needs dedicated people to help guide the project and serve the community.

TYPO3 Pulse #04 – Open-Source-Month

Wed, 25 Feb 2026 10:26:00 +0100

This edition is dedicated to all things open source, in the spirit of Open Source Awareness Month which takes place every February.

The TYPO3 Camp Baden-Württemberg Is Back!

Wed, 25 Feb 2026 09:50:32 +0100

This German-language event brings together the TYPO3 community for two days of knowledge exchange and collaboration.

Board Report: New Responsibilities, Community Work, and a Look-Out for 2026

Tue, 24 Feb 2026 11:23:45 +0100

During the third and fourth quarter of 2025, the TYPO3 Board focused on strengthening governance structures, expanding cross-community networking, and driving technical innovation. From preparing for new EU regulations to active participation in international camps, here is an overview of the board's recent activities.

TYPO3 14.1.1, 13.4.26 and 12.4.43 maintenance releases published

Fri, 20 Feb 2026 10:30:00 +0100

The versions 14.1.1, 13.4.26 and 12.4.43 of the TYPO3 Enterprise Content Management System have just been released.

Digital Sovereignty and Open Source: Europe’s Shifting Technology Foundations

Thu, 19 Feb 2026 09:34:00 +0100

European organizations are reassessing their tech stacks as digital sovereignty becomes a necessity. Learn why open source is emerging as a strategic alternative.

Debunking 7 Common Myths about Open Source CMS

Thu, 12 Feb 2026 13:47:00 +0100

Debunk common myths about open source CMSs and learn how open source solutions like TYPO3 deliver security, scalability, innovation, and enterprise value.

In Memory of Jens Liesegang

Thu, 12 Feb 2026 09:04:00 +0100

It is with great sadness that we learned of the passing of our esteemed colleague and companion Jens Liesegang.

Content Blocks: Q4/2025 Milestones and Q1/2026 Goals

Wed, 11 Feb 2026 15:02:02 +0100

The Content Types Team wrapped up the major milestone of TYPO3 v14 support and focused on the long-awaited Content Blocks GUI.

TYPO3 13.4.25 maintenance release published

Tue, 10 Feb 2026 11:00:00 +0100

The version 13.4.25 of the TYPO3 Enterprise Content Management System has just been released.

Community Budget Report: A PHP Firewall for TYPO3

Thu, 05 Feb 2026 00:00:00 +0100

Sascha Egerer provides an update on his Community Budget Idea to add a PHP-based firewall to TYPO3, helping site owners block common attacks even when they can’t rely on server-level security.