Cross-Site Scripting in link validator component

Component Type: TYPO3 CMS Release Date: February 16, 2016 Vulnerable subcomponent: link validator Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.17 and 7.6.0 to…

General Assembly 2015

The General Assembly (GA) is the body with the highest authority within the Association. At this annual meeting many basic decisions are taken, online elections are approved and budget decisions by…

The Phoenix team reports on the Developer Days 2012

I personally feel that especially the transition between TYPO3 v4 (which is soon called v6) and FLOW3 / Phoenix really works out. At the overall Core Team Meeting before the T3DD, we recognized that…

Information Disclosure in Backend User Interface

Component Type: TYPO3 CMS Vulnerable subcomponent: Backend User Interface (ext:backend) Release Date: June 25, 2019 Vulnerability Type: Information Disclosure Affected Versions: 8.0.0-8.7.26 and…

Insecure Deserialization in TYPO3 CMS

Component Type: TYPO3 CMS Vulnerable subcomponent: Backend & Core API (ext:backend, ext:core) Release Date: June 25, 2019 Vulnerability Type: Insecure Deserialization Affected Versions: 8.0.0-8.7.26…

The New Faces Behind TYPO3 Core Development

Today, I’m proud to announce the faces behind future Core development: Component Mergers Component mergers are allowed to merge proposed changes that only touch a specific area: Extbase & Plugin API,…

Introducing academic memberships

TYPO3 has long been the CMS of choice for academic institutions around the world. Only in Germany, some 460 public and private university websites are powered by the CMS. Academic memberships are…

TYPO3 Security Bulletin

Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default…

Insufficient Session Expiration after Password Reset

Component Type: TYPO3 CMS Subcomponent: Password Reset (ext:felogin, ext:backend) Release Date: December 13, 2022 Vulnerability Type: Insufficient Session Expiration Affected Versions: 10.0.0-10.4.32,…

Reflections on SymfonyCon Brussels 2023

It was an excellent opportunity to learn about the latest advancements in the Symfony ecosystem, share insights into TYPO3, and network with like-minded individuals. TYPO3 Association board secretary…

Cooperation, Connections and Coffee — a TYPO3 Education Committee Community Sprint Report

Combine that with the spacious premises and available equipment in the TYPO3 GmbH and you have a top working environment. Also, there were donuts. Lots of donuts. (Thanks to Boris Hinzer from…

Budget 2024 Ideas for Quarter 3/2024 Published — Vote Now!

On 1 November, we launched the community budget process for 2024 with a call for budget ideas. The ideas are now published at talk.typo3.org , where you can review and discuss them . As a part of the…

This Month in TYPO3

This is where we request your help! When you see interesting blog articles or other news regarding TYPO3, extensions, implementations, tutorials, snippets, or what else might fit, please let us know.…

if20 Templates for TYPO3 (if_yaml)

TypoScript library for TYPO3, Template with tons of examples.

Show extension details Download ZIP of version 1.6.0 Extension documentation

Vulnerabilitiy in extension Front End User Registration (sr_feuser_register)

Component Type: Third party extension. This extensions is not part of the TYPO3 default installation. Affected Versions: Version 2.5.25. Vulnerability Type: Security Misconfiguration Severity: Medium…

Report on the typo3.org Team Sprint in India (March 2019)

What a great adventure. For the first time I was visiting Asia and especially India. As I am not a fan of flights and Asian food, this took quite some effort to convince me. But I can give you a…

TYPO3 Agency Meetup Day in Mannheim.

The TYPO3 Marketing Team will meet the agencies of the Mannheim area on November 6, 2014. Source: Mannheim.de The Agency Meetup Days are a combined initiative of the TYPO3 Marketing Team and the Board…

TYPO3 v9 Roadmap

Between the TYPO3 v8 LTS release in April 2017 and the first sprint release of v9.0 in December 2017, the TYPO3 Core Team reviewed the main achievements of v8.7 (the latest LTS release). It became…

TYPO3 Association extraordinary General Assembly

With the new bylaws now in effect the following changes are the most important to mention: 1. We introduced a new committee called the Business Control Committee (BCC) which is elected directly by the…

Supporting Events through Risk Backup

We are happy to announce that we will take a further step to support TYPO3 events within the community. It is one of our primary targets to support events and help the community, inspiring others to…

Tutoriel TYPO3 pour les rdacteurs (typo3_tut_fr)

This extension provides a french translation of the documentation extension typo3_tut. This basic tutorial for editors explains how to add or change content on an existing website in TYPO3. It…

Show extension details Download ZIP of version 1.0.0 Extension documentation

Techniques to implement Comet with PHP (comet)

This extension implements several techniques to implement Comet with PHP. This can be useful to do things in real time without reload the page. You have to include manually Prototype JS…

Show extension details Download ZIP of version 1.1.0

TYPO3 4.1.4 and 4.0.8

TYPO3 versions 4.1.4 and 4.0.8 are ready for download. They are maintenance releases of versions 4.0 and 4.1. Both versions contain only bugfixes and one low-severity security fix. The most notable…

Cross-Site Scripting in Frontend Login Mailer

Component Type: TYPO3 CMS Subcomponent: Frontend Login Mailer (ext:felogin) Release Date: June 14, 2022 Vulnerability Type: Cross-Site Scripting Affected Versions: 9.0.0-9.5.34 ELTS, 10.0.0-10.4.28,…

Multiple vulnerabilities in third-party extensions

Release Date: September 2, 2010 Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with neither significant download numbers, nor other special importance…