TYPO3 Book Report—Who’s Writing the TYPO3 Book?
Sign Up to the TYPO3 Guidebook Mailing List
How did you get into technical writing, Felicity?
In my former life I was a business analyst, and I always…
TYPO3 Users, Please Let Us Know Your Feedback!
The TYPO3 Project has started to use G2.com, the tech marketplace, as a prominent place to show the TYPO3 Project to millions of business…
Structured Content Initiative—What happened in April? The survey results!
The Structured Content Initiative is the core Strategic Initiative focused on improving the content editing user experience in TYPO3 CMS. Read our…
TYPO3 10.4.3 and 9.5.18 maintenance releases published
The following TYPO3 updates have been released:
- TYPO3 10.4.3 LTS
- TYPO3 9.5.18 LTS
Both versions are maintenance releases only. They aim to reduce…
Report from the Board QSA—April 2020
Although the Board meets online every two weeks throughout the year, it is necessary with longer physical meetings for in-depth and strategic…
TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface
- Component Type: TYPO3 CMS
- Subcomponent: Backend User Interface & Install Tool (ext:backend, ext:backend)
- Release Date: May 12, 2020
- Vulnerability…
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
- Component Type: TYPO3 CMS
- Subcomponent: Backend User Interface (ext:backend)
- Release Date: May 12, 2020
- Vulnerability Type: Insecure…
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
- Release Date: May 12, 2020
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Component: SVG…
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
- Component Type: TYPO3 CMS
- Subcomponent: Core (ext:core)
- Release Date: May 12, 2020
- Vulnerability Type: Insecure Deserialization
- Affected…
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
- Component Type: TYPO3 CMS
- Subcomponent: Link Handling (ext:frontend)
- Release Date: May 12, 2020
- Vulnerability Type: Information Disclosure
- …
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
- Release Date: May 12, 2020
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Component: Job…
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
- Release Date: May 12, 2020
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Component:…
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
- Component Type: TYPO3 CMS
- Subcomponent: Form Engine (ext:backend)
- Release Date: May 12, 2020
- Vulnerability Type: Cross-Site Scripting
- Affected…
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
- Release Date: May 12, 2020
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Component:…
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
- Component Type: TYPO3 CMS
- Subcomponent: Password Reset (ext:backend)
- Release Date: May 12, 2020
- Vulnerability Type: Information Disclosure
- …
TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)
- Release Date: May 12, 2020
- Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
- Component:…
TYPO3 10.4.2 and 9.5.17 security releases published
The following TYPO3 updates have been released:
- TYPO3 10.4.2 LTS
- TYPO3 9.5.17 LTS
Both versions are security releases and contain important…
CMS-Learning Curriculum for Educators and Students
Helping Students Learn About Content Management
Learning has moved online in response to the recent COVID-19 crisis. This increases demand on…