Changes in TYPO3 4.0.3

Security

  1. A security enhancement prevents image access through thumbs.php. See [5] for details.

  2. A security issue in fe_adminLib.inc has been corrected. The issue was announced earlier, together with a bugfix; this is the first version to include those changes by default. See [6] for details.

  3. Finally, a rather small and theoretical issue has been fixed: command-line scripts in TYPO3 (used e.g. for daily recurring tasks) usually require a backend user whose name starts with “_CLI_”. Someone may have set up such a user with an easy-to-guess password but too many permissions. The last change in this version prohibits logging in to the backend with such a username.

Further reading

[1] TYPO3 4.0.3 Wiki: http://wiki.typo3.org/index.php/TYPO3_4.0.3

[2] TYPO3 Release Workflow: http://typo3.org/teams/core/resources/release-workflow/

[3] TYPO3 Upgrade Wiki page: http://wiki.typo3.org/index.php/Upgrade

[4] TYPO3 Security Team Page: http://typo3.org/teams/security/

[5] Security bulletin: http://typo3.org/teams/security/security-bulletins/typo3-20061205-1/

[6] Security bulletin: http://typo3.org/teams/security/security-bulletins/typo3-20061010-1/

 

A complete changelog can be found in the TYPO3 source directory. Please have a look at the file ChangeLog for details.