Skip to main content

Nachrichten

TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

 

 

 

  • Component Type: TYPO3 CMS
  • Subcomponent: SVG Sanitizer (based on enshrined/svg-sanitize)
  • Release Date: February 22nd, 2022
  • Impact:
We Need You for the Board and the Business Control Committee!

 

 

Positions are available for the Board and the Business Control Committee (BCC), and you can nominate yourself for one of these…

TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

 

 

 

  • Release Date: February 15, 2022
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

 

 

 

  • Release Date: February 15, 2022
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

 

 

 

  • Release Date: February 15, 2022
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

 

 

 

  • Release Date: February 15, 2022
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…
New Code of Conduct: Cast Your Vote

 

 

Cast Your Vote

Back in September 2021, the Ombudsperson Group started an extensive review process for a new Code of Conduct for the…

TYPO3 and its Accessibility in the Backend

 

 

What Does Digital Accessibility Mean?

It is a task for society as a whole to provide everyone with equal access to relevant information…

Team Report 2021—typo3.org Website Team

 

 

General

We prepared our budget for 2021 for working completely remote, and envisioned some ambitious projects for our websites and…

TYPO3 11.5.6 and 10.4.24 maintenance releases published

 

 

The following TYPO3 updates have been released:

  • TYPO3 11.5.6 LTS
  • TYPO3 10.4.24 LTS

Both versions are maintenance releases only.

Fur…

Call for Budget Application Ideas—Association Budget 2022

 

 

In an earlier article, the Board introduced the new budget process for the Association budget for 2022. With the Business Control…

TYPO3 Documentation Team Report 2021

 

 

In this report we will present this year’s improvements to the tools and the official TYPO3 documentation.

Benefits of Writing…

Report From the TYPO3 Quality Assurance Initiative

 

 

The whole outcome, and current process, is available as an example extension at gitlab.typo3.org and github.com.

This report will only…

New System Requirements for Upcoming TYPO3 v12

 

 

Outline of the new requirements:

PHP 8.1+ (Up From PHP 7.4+)

PHP 8.1 was initially released in 2021, and will have security support…

TYPO3 11.5.5 and 10.4.23 maintenance releases published

 

 

The following TYPO3 updates have been released:

  • TYPO3 11.5.5 LTS
  • TYPO3 10.4.23 LTS

Both versions are maintenance releases only.

Fur…

Extension Award 2021—Announcing the Winners

 

 

 

  1. news by Georg Ringer
  2. typo3_console by Helmut Hummel
  3. container by Achim Fritz and Benni Mack

We would like to congratulate the…

Meet Thomas “Spoony” Löffler, TYPO3 Freelancer and Contributor, Germany (Application Podcast S02E13)

 

 

Listen to the full interview in the audio player here, watch the video below, and there’s a full transcript of our conversation down…

TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

 

 

 

  • Component Type: TYPO3 CMS core & TYPO3 extensions (third-party plugins)
  • Release Date: December 16, 2021
  • Type: Advisory
  • References:
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

 

 

 

  • Component Type: TYPO3 CMS
  • Subcomponent: ContentObjectRenderer (ext:frontend)
  • Release Date: December 16, 2021
  • Impact: Cache…
TYPO3 11.5.4 and 10.4.22 maintenance releases published

 

 

The following TYPO3 updates have been released:

  • TYPO3 11.5.4 LTS
  • TYPO3 10.4.22 LTS

Both versions are maintenance releases only.

Fur…

Meet Tymoteusz Motylewski, TYPO3 Core Contributor, Poland (Application Podcast S02E12)

 

 

Listen to the full interview in the audio player here, watch the video below, and there’s a full transcript of our conversation down…

TYPO3 Core Development to Change Branch Name

 

 

In recent years, larger Git-based solutions (such as GitHub and GitLab) changed the primary development branch name from master to main

Meet Susi Moog, TYPO3 GmbH COO, Germany (Application Podcast S02E11)

 

 

Listen to the full interview in the audio player here, watch the video below, and there’s a full transcript of our conversation down…

Extension Award: Voting is Open

 

 

Vote Now

How Do I Vote?

  1. Got to extensions.typo3.org.
  2. Log in with your typo.org user account.
  3. Go to the list of nominated extensions
Meet Petra Hasenau, TYPO3 Association Board Vice-President, Germany (Application Podcast S02E10)

 

 

Listen to the full interview in the audio player here, watch the video below, and there’s a full transcript of our conversation down…

TYPO3 11.5.3 maintenance release published

 

 

The following TYPO3 update has been released:

  • TYPO3 11.5.3 LTS

This version is a maintenance release and contains bug fixes only.

TY…

Structured Content Initiative—Feedback Wanted!

 

 

The Structured Content Initiative is the core Strategic Initiative focused on improving the content editing user experience in TYPO3…

TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)

 

 

 

  • Release Date: November 10, 2021
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension  "pixx.io integration for TYPO3 (DAM)" (pixxio)

 

 

 

  • Release Date: November 10, 2021
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…
TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)

 

 

 

  • Release Date: November 10, 2021
  • Component Type: Third party extension. This extension is not a part of the TYPO3 default…