Für das bekannte CMS Typo3 gibt es diverse Sicherheitslücken. Die Entwickler haben bereits reagiert und halten Updates für Typo3 8.7.24 und 9.5.4 bereit.
Die bekannten 7 Sicherheitslücken sind zum Teil abhängig von der Webserverkonfiguration und wurden von LOW bis CRITICAL eingestuft.
Nutzer der Typo3 LTS Version sollten umgehend auf die Version 8.7.24 oder 9.5.4 aktualisieren.
Typo3 9.5.4
- 2019-01-22 f4b9d77ced [RELEASE] Release of TYPO3 9.5.4 (thanks to Oliver Hader)
- 2019-01-22 9990278ce7 [SECURITY] Extend file deny pattern (thanks to Oliver Hader)
- 2019-01-22 a0c4348188 [SECURITY] Use a fluid template for the ConfirmationFinisher message (thanks to Ralf Zimmermann)
- 2019-01-22 d578fd3e4c [SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components (thanks to Benni Mack)
- 2019-01-22 c94f566514 [SECURITY] XSS issues in Fluid view helpers (thanks to Andreas Wolf)
- 2019-01-22 cb9c526639 [SECURITY] Prevent possible XSS in install tool (thanks to Frank Naegler)
- 2019-01-22 b3608d14e1 [SECURITY] Avoid creation of backend users without password (thanks to Benni Mack)
- 2019-01-22 889ed77d29 [SECURITY] Avoid disclosing loaded extensions (thanks to Oliver Hader)
- 2019-01-22 1738a8cfb5 [BUGFIX] Prevent exception in early bootstrap exception handler (thanks to Benjamin Franzke)
- 2019-01-21 14f77d06bf [TASK] Make the site’s identifier available in TypoScript (thanks to Georg Ringer)
- 2019-01-21 7605ecf0b0 [TASK] Raise guzzlehttp/psr7 composer dependency (thanks to Oliver Hader)
- 2019-01-21 8c382831d8 [BUGFIX] Harden CommandUtility invocations (thanks to Oliver Hader)
- 2019-01-20 9395d45bc6 [TASK] Speed up ReST file reference check (thanks to Christian Kuhn)
- 2019-01-19 0a320bb495 [TASK] Fix minor syntax in Changelog (thanks to Joerg Kummer)
- 2019-01-19 47430f74da [TASK] Fix minor spelling in Changelog (thanks to Joerg Kummer)
- 2019-01-19 b79b0382a8 [TASK] Add
.nvmrc
file (thanks to Andreas Fernandez) - 2019-01-19 2654149ace [TASK] Fix minor syntax in Changelog (thanks to jokumer)
- 2019-01-18 c87b187116 [BUGFIX] Adapt tests concerning fluid viewhelpers (thanks to Anja Leichsenring)
- 2019-01-17 eaad54afb0 [BUGFIX] Fix duplicate rendering of ‚pages‘ id-attribute (thanks to theline)
- 2019-01-17 7fb10221ca [TASK] Update Feature-84729-NewTCATypeSlug.rst (thanks to Dmytro Nozdrin)
- 2019-01-16 aa08d4331a [BUGFIX] Fix various „No pseudo-site found in root line of page“ errors (thanks to Benni Mack)
- 2019-01-16 4a77abe6b7 [BUGFIX] Use argument $tparams BackendUtility::thumbCode for FAL items (thanks to Georg Ringer)
- 2019-01-16 c4304369a3 [BUGFIX] Use correct variable to select a subfolder within folder selector (thanks to Ioulia Kondratovitch)
- 2019-01-14 fe3164d122 [BUGFIX] Use proper typolink with clean TSFE for redirects (thanks to Benni Mack)
- 2019-01-14 58c65b5dc0 [BUGFIX] Check for unset font if text is set in GIFBUILDER (thanks to Tom Novotny)
- 2019-01-11 0b808ec137 [BUGFIX] Allow to access pages with „index.php?id=123“ (thanks to Michael Giek)
- 2019-01-11 1f8fbd6329 [BUGFIX] Make nested slugs in rootpages possible (thanks to Benni Mack)
- 2019-01-11 7b74c03691 [TASK] Remove check for posix_getegid returning -1 (thanks to Stefanos Karasavvidis)
- 2019-01-11 b29475820e [BUGFIX] Streamline creating text files in filelist module (thanks to Oliver Hader)
- 2019-01-11 51488f9c93 [BUGFIX] Force log_data to be an array (thanks to Ioulia Kondratovitch)
- 2019-01-11 cc3e6f1c6b [BUGFIX] Remove rawurlencode from felogin reset password link (thanks to Gerrit Mohrmann)
- 2019-01-11 19ef904a07 [BUGFIX] Make single errors from FileSizeValidator translatable (thanks to Marc Bastian Heinrichs)
- 2019-01-11 72fd7f3848 [TASK] Remove checks for vfsStream availability (thanks to Stefanos Karasavvidis)
- 2019-01-11 edabf59f5f [TASK] Remove checks for CRYPT_MD5 and CRYPT_BLOWFISH availability (thanks to Stefanos Karasavvidis)
- 2019-01-11 1a925cad5d [BUGFIX] Create default site configuration on installation (thanks to Benni Mack)
- 2019-01-10 66daff7ccf [TASK] Update copyright year in documentation to 2019 (thanks to Stefanos Karasavvidis)
- 2019-01-09 e7c24fbc27 [BUGFIX] Avoid fatal when flushed directory is a symlink (thanks to Helmut Hummel)
- 2019-01-09 3508571564 [BUGFIX] Install tool: Allow row updater as valid identifier (thanks to Thorben Nissen)
- 2019-01-09 ea8793200b [BUGFIX] Use
addOrderBy()
to support multiple orderings (thanks to Andreas Fernandez) - 2019-01-08 6d6d6b8c84 [TASK] Activate link on numbers in filelist pagination (thanks to Guido Schmechel)
- 2019-01-08 88e54f9ff1 [BUGFIX] Add also the „/“ slash to ROUTE_PATH_DELIMITERS array (thanks to Ralf Merz)
- 2019-01-08 f30c8d59ce [BUGFIX] Replace removed alias for ViewHelperNode (thanks to Stefanos Karasavvidis)
- 2019-01-08 7da43fd965 [BUGFIX] Set pageId in WorkspacePreview in InlineSettings (thanks to Devid Messner)
- 2019-01-07 a5543fd78f [BUGFIX] Use correct language fallback settings in functional tests (thanks to Oliver Hader)
- 2019-01-07 4aab1c94ff [FEATURE] Support feature toggle in expression language (thanks to Frank Naegler)
- 2019-01-07 3c8746d333 [BUGFIX] Avoid frameborder attribute if no doctype is set (thanks to Georg Ringer)
- 2019-01-07 360c8d687b [BUGFIX] Invalidate cached PageTitleProvider (thanks to Guido Schmechel)
- 2019-01-06 40ee9a7488 [BUGFIX] Show tooltips in the recordlist (thanks to Guido Schmechel)
- 2019-01-05 b965231582 [TASK] Stop dangling containers in bamboo (thanks to Christian Kuhn)
- 2019-01-04 7e2c650bdb [BUGFIX] Allow to add type=0 to typolink syntax (thanks to Benni Mack)
- 2019-01-02 5922ba669a [BUGFIX] Show correct extension name in redirects update (thanks to Benjamin Kott)
- 2018-12-28 7e8931a1f1 [FEATURE] Make SiteLanguage available in TypoScript (thanks to Georg Ringer)
- 2018-12-28 30cf5b6c49 [BUGFIX] Streamline tree markup (thanks to Andreas Fernandez)
- 2018-12-28 0fe865d12c [TASK] Fix sentence in indexed_search documentation (thanks to Franz Holzinger)
- 2018-12-22 5db2405d58 [TASK] Add missing class aliases to extension scanner (thanks to Anja Leichsenring)
- 2018-12-22 0777264e27 [BUGFIX] Replace @ignorevalidation in SearchController (thanks to Alexander Schnitzler)
- 2018-12-22 e565c08a36 [BUGFIX] Add PATH_site to extension scanner (thanks to Christian Kuhn)
- 2018-12-22 8bb407e4ff [BUGFIX] Show domains from Site configs in redirect picker (thanks to Benni Mack)
- 2018-12-21 8b4069bebb [BUGFIX] Fix double namespace in test class (thanks to Benni Mack)
- 2018-12-21 f37c312091 [BUGFIX] Exclude logger from serialize on save for scheduler task (thanks to Joerg Boesche)
- 2018-12-20 818f751dc7 [BUGFIX] Reimplement custom BE languages (thanks to Guido Schmechel)
- 2018-12-20 b70a3d4caa [TASK] Do not show error when copying a record was successful (thanks to Christoph Lehmann)
- 2018-12-19 3d4b8ad769 [BUGFIX] Add checkDataSubmission hook to extension scanner (thanks to Benjamin Franzke)
- 2018-12-19 a8d511a030 [BUGFIX] Add cache StringFrontend to extension scanner (thanks to Christian Kuhn)
- 2018-12-19 b403e6bf98 [TASK] Add acceptance test for Template and Sites creation (thanks to Steffen Dietrich)
- 2018-12-18 d76373a76a [TASK] Typo ‚boostrap‘ should be ‚bootstrap‘ (thanks to Christian Kuhn)
- 2018-12-18 00bca0db22 [BUGFIX] Do not try to delete already remove file (thanks to Helmut Hummel)
- 2018-12-17 3dccaa910b [BUGFIX] Streamline UX for File Upload module (thanks to Benni Mack)
- 2018-12-17 fc187967df [BUGFIX] Mark form as changed after using the image cropper (thanks to Andreas Fernandez)
- 2018-12-17 aa4358b27d [BUGFIX] Add missing use statement in CObjectViewHelper (thanks to Georg Ringer)
- 2018-12-17 97e2b3fe7b [TASK] Streamline dependencies in package.json (thanks to Benni Mack)
- 2018-12-17 28b2dc20ac [BUGFIX] Do not depend on global TSFE for link generation (thanks to Benni Mack)
- 2018-12-16 6b72df5951 [TASK] bamboo sends nightly build messages to intercept (thanks to Christian Kuhn)
- 2018-12-14 070e850ab4 [TASK] composer update without progress in bamboo (thanks to Christian Kuhn)
- 2018-12-14 8a23a60178 [TASK] Raise typo3/cms-styleguide from 9.2.2 to 9.2.3 (thanks to Christian Kuhn)
- 2018-12-14 f75ed62581 [TASK] Update typo3/testing-framework from 4.11.1 to 4.11.2 (thanks to Christian Kuhn)
- 2018-12-14 8055d88e1f [TASK] Remove branch alias for 9.5 branch (thanks to Benni Mack)
- 2018-12-14 2a8a70b8da [TASK] Update URL to use HTTPS (thanks to Ben Abbott)
- 2018-12-14 e10ed86945 [TASK] Prepare bamboo for 9.5 branch (thanks to Christian Kuhn)
- 2018-12-14 7c53b25b40 [TASK] Set TYPO3 version to 9.5.4-dev (thanks to Oliver Hader)
Typo3 8.7.24 Release Notes
- 2019-01-22 f4a2203ba8 [RELEASE] Release of TYPO3 8.7.24 (thanks to Oliver Hader)
- 2019-01-22 c8c21aa528 [BUGFIX] Use Json-based response for RequireJsController (thanks to Benni Mack)
- 2019-01-22 0251dbdef3 [TASK] Set TYPO3 version to 8.7.24-dev (thanks to Oliver Hader)
Typo3 8.7.23 Release Notes
- 2019-01-22 720faa8339 [RELEASE] Release of TYPO3 8.7.23 (thanks to Oliver Hader)
- 2019-01-22 23393bf853 [TASK] Recompile install.css (thanks to Oliver Hader)
- 2019-01-22 095ae4ab68 [SECURITY] Extend file deny pattern (thanks to Oliver Hader)
- 2019-01-22 79528f75e2 [SECURITY] Use a fluid template for the ConfirmationFinisher message (thanks to Ralf Zimmermann)
- 2019-01-22 2afe72a43d [SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components (thanks to Benni Mack)
- 2019-01-22 732c4acfae [SECURITY] XSS issues in Fluid view helpers (thanks to Andreas Wolf)
- 2019-01-22 5004201ee7 [SECURITY] Backend user privilege escalation for language limitations (thanks to Oliver Hader)
- 2019-01-22 e4d0cff40a [SECURITY] Avoid creation of backend users without password (thanks to Benni Mack)
- 2019-01-22 c81cca9e41 [SECURITY] Avoid disclosing loaded extensions (thanks to Oliver Hader)
- 2019-01-21 1fae04ecdb [TASK] Raise guzzlehttp/psr7 composer dependency (thanks to Oliver Hader)
- 2019-01-21 5e7476a6a4 [BUGFIX] Harden CommandUtility invocations (thanks to Oliver Hader)
- 2019-01-19 4b9ca1a941 [TASK] Add
.nvmrc
file (thanks to Andreas Fernandez) - 2019-01-11 4a8a4a9cf5 [BUGFIX] Streamline creating text files in filelist module (thanks to Anja Leichsenring)
- 2019-01-10 541eac43f2 [TASK] Update copyright year in documentation to 2019 (thanks to Stefanos Karasavvidis)
- 2019-01-09 00ad549b91 [BUGFIX] Avoid fatal when flushed directory is a symlink (thanks to Helmut Hummel)
- 2019-01-05 59ec66ef53 [TASK] Stop dangling containers in bamboo (thanks to Christian Kuhn)
- 2019-01-04 4bd4c8b8dd [BUGFIX] Sql query export to use search_result_labels setting (thanks to lsascha)
- 2019-01-04 26e03f55f8 [BUGFIX] Allow to add type=0 to typolink syntax (thanks to Benni Mack)
- 2018-12-23 f5113db66c [BUGFIX] Streamline tree markup (thanks to Andreas Fernandez)
- 2018-12-22 3d48e44e8e [TASK] Add filter for be_users and be_groups (thanks to Guido Schmechel)
- 2018-12-20 148b0ee0f5 [TASK] Do not show error when copying a record was successful (thanks to Christoph Lehmann)
- 2018-12-19 b6472c9db8 [TASK] Revert test change and disable unit tests completely on Travis CI (thanks to Markus Klein)
- 2018-12-19 392ceedd34 [BUGFIX] Disable extension updates in Composer mode (thanks to Nicole Cordes)
- 2018-12-18 9f8b1de09d [BUGFIX] Do not try to delete already remove file (thanks to Helmut Hummel)
- 2018-12-17 c205c57216 [BUGFIX] Mark form as changed after using the image cropper (thanks to Andreas Fernandez)
- 2018-12-17 6e20e4327c [TASK] Declare compatible with PHP 7.3 (thanks to Mathias Brodala)
- 2018-12-17 3854a1f8d3 [TASK] Streamline dependencies in package.json (thanks to Benni Mack)
- 2018-12-17 754452b1cd [BUGFIX] Fix positioning of arrows in Element Browser (thanks to Andreas Fernandez)
- 2018-12-16 f57da31c7b [TASK] bamboo sends nightly build messages to intercept (thanks to Christian Kuhn)
- 2018-12-14 ca4d477dbe [BUGFIX] Support DateTimeInterface in DebuggerUtility (thanks to Andreas Wolf)
- 2018-12-14 5306843a57 [TASK] Set TYPO3 version to 8.7.23-dev (thanks to Oliver Hader)
Quelle: https://get.typo3.org/release-notes/8.7.24
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.