Discover TYPO3’s biggest milestones of 2025—from the TYPO3.com relaunch to global events, new partnerships, v14.0, and a look ahead at what’s coming…

Email may be old, but it remains critical when reliability matters — and TYPO3 still lacks awareness of modern deliverability standards. This article…

It has been discovered that the extension "Single Sign-on with SAML" (md_saml) bundles a vulnerable version of “onelogin/php-saml“ which is…

Are you interested in learning more about best practices for developing high-quality TYPO3 extensions? Or do you have some new ideas that should be…

It has been discovered that the extension "Modules" (modules) is susceptible to Broken Authentication.

It has been discovered that the extension "Forms Export" (frp_form_answers) bundles a vulnerable version of "phpoffice/phpspreadsheet", which is…

It has been discovered that the extension "Base Excel" (base_excel) bundles a vulnerable version of “phpoffice/phpspreadsheet“ which is susceptible to…

It has been discovered that the extension "Form to Database" (form_to_database) is susceptible to Cross-Site Scripting.

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

It has been discovered that TYPO3 CMS is susceptible to broken access control.

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.

It has been discovered that TYPO3 CMS is susceptible to denial of service.

It has been discovered that TYPO3 CMS is susceptible to open redirect.

It has been discovered that the extension "TYPO3 Backup Plus" (ns_backup) is susceptible to Command Injection.

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.

It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.

It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure…

It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site…

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.

28.05.2024 18 Uhr in Hohenstein, Holzhausen

The versions 13.1.1, 12.4.15 and 11.5.37 of the TYPO3 Enterprise Content Management System have just been released.