From oliver.hader at typo3.org Tue Jan 22 12:02:38 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 22 Jan 2019 12:02:38 +0100
Subject: [TYPO3-announce] Announcing TYPO3 v9.5.4 and v8.7.23 security releases
Message-ID:

Dear TYPO3 World,

the TYPO3 Community announces the releases of TYPO3 v9.5.4 LTS and v8.7.23 LTS, as scheduled. All versions are security releases and contain important security fixes - read the corresponding security advisories here:

https://typo3.org/security/advisory/typo3-core-sa-2019-001/
https://typo3.org/security/advisory/typo3-core-sa-2019-002/
https://typo3.org/security/advisory/typo3-core-sa-2019-003/
https://typo3.org/security/advisory/typo3-core-sa-2019-004/
https://typo3.org/security/advisory/typo3-core-sa-2019-005/
https://typo3.org/security/advisory/typo3-core-sa-2019-006/
https://typo3.org/security/advisory/typo3-core-sa-2019-007/
https://typo3.org/security/advisory/typo3-core-sa-2019-008/

For details about the releases, please visit the following website:
https://typo3.org/article/typo3-954-and-8723-security-releases-published/

The packages can be downloaded here:
https://get.typo3.org/

SHA256 checksums:
c06e976bc896270bf0c06e30c0e3827b2ef428466166a92035088a7de380da60 typo3_src-8.7.23.tar.gz
0233d4379221a75775222425ff26dd8e157fa255ec711752922f0e13b3a43e51 typo3_src-8.7.23.zip
2190b02a5d5b392121974717b96f9de22c18162d4c57df7acd7e2b1a58a9d6f0 typo3_src-9.5.4.tar.gz
c37d828c99bbefbcdc4d368689cac03d621f616c10aa0f92b1011aa0e08e0b57 typo3_src-9.5.4.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/typo3cms/drafts/github/TYPO3Incubator/InfrastructureGuide/Releases/

Best regards
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL:

From oliver.hader at typo3.org Tue Jan 22 12:15:10 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 22 Jan 2019 12:15:10 +0100
Subject: [TYPO3-announce] Announcing TYPO3 Extension Security Updates
Message-ID:

Dear TYPO3 World,

the TYPO3 Security Team has just released the following Extension Security Bulletins:

1) Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
https://typo3.org/security/advisory/typo3-ext-sa-2019-001/

2) Multiple vulnerabilities in extension "typo3_forum" (typo3_forum)
https://typo3.org/security/advisory/typo3-ext-sa-2019-002/

3) Multiple vulnerabilities in extension "femanager" (femanager)
https://typo3.org/security/advisory/typo3-ext-sa-2019-003/

4) Object Injection in extension "mkmailer" (mkmailer)
https://typo3.org/security/advisory/typo3-ext-sa-2019-004/

Find all TYPO3 security advisories here:
https://typo3.org/help/security-advisories/

Best regards
Oliver Hader

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From oliver.hader at typo3.org Tue Jan 22 12:21:45 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 22 Jan 2019 12:21:45 +0100
Subject: [TYPO3-announce] Announcing TYPO3 Public Service Announcements
Message-ID:

Dear TYPO3 World,

the TYPO3 Security Team has just released the following Public Service Announcements:

1) Possible Arbitrary Code Execution in CommandUtility API
https://typo3.org/security/advisory/typo3-psa-2019-001/

2) Username and Email Address Enumeration
https://typo3.org/security/advisory/typo3-psa-2019-002/

3) Cross-Site Scripting in Flash component (ELTS)
https://typo3.org/security/advisory/typo3-psa-2019-003/

Find all TYPO3 security advisories here:
https://typo3.org/help/security-advisories/

Best regards
Oliver Hader

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From oliver.hader at typo3.org Tue Jan 22 16:56:44 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 22 Jan 2019 16:56:44 +0100
Subject: [TYPO3-announce] Announcing TYPO3 v8.7.24 LTS
Message-ID:

Dear TYPO3 World,

the TYPO3 Community announces the release of TYPO3 v8.7.24 LTS. This version is a maintenance release and contains a regression fix from this week's security release.
For details about the release, please visit the following websites:
https://typo3.org/article/typo3-v8724-lts-released/
https://forge.typo3.org/issues/87519

The packages can be downloaded here:
https://get.typo3.org/

SHA256 checksums:
0277d821bfd8e931428029383db7c0c1709fe7d90a4d2a8ba3e9b473c433622d typo3_src-8.7.24.tar.gz
2fc54320c022f5f758f73acb13a601abfd681fbebcd3997bbc3e82d4f254fc34 typo3_src-8.7.24.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/typo3cms/drafts/github/TYPO3Incubator/InfrastructureGuide/Releases/

Best regards
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From benni at typo3.org Tue Mar 5 14:46:39 2019
From: benni at typo3.org (Benni Mack)
Date: Tue, 5 Mar 2019 14:46:39 +0100
Subject: [TYPO3-announce] Announcing TYPO3 CMS 9.5.5 LTS
Message-ID:

Dear TYPO3 World,

today the TYPO3 Community has released TYPO3 CMS version 9.5.5 LTS which is ready for you to download. This version is a maintenance release and contains bug fixes only.

For details about the release, please see:
https://typo3.org/article/typo3-v955-lts-released/
https://get.typo3.org/release-notes/9.5.5

The package can be downloaded here:
https://get.typo3.org/

SHA256 checksums:
ce98a91436cc27166d81e6d7b254e05bc51e0f2bdbba8b73a3d7f145cb6c075b typo3_src-9.5.5.tar.gz
0576f8b6436e1bccd581a1fb61c3ed788ca898ff4a7fad2b465b6647ed1bff39 typo3_src-9.5.5.zip

Further details on the signing and hashing process of TYPO3 releases:
https://get.typo3.org/release-notes/9.5.5

Best regards,
Benni Mack
TYPO3 Project Lead

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From oliver.hader at typo3.org Tue May 7 13:12:30 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 7 May 2019 13:12:30 +0200
Subject: [TYPO3-announce] Announcing TYPO3 v9.5.6 and v8.7.25 security releases
Message-ID:

Dear TYPO3 World,

the TYPO3 Community announces the releases of TYPO3 v9.5.6 LTS and v8.7.25 LTS, as scheduled. All versions are security releases and contain important security fixes - read the corresponding security advisories here:

https://typo3.org/security/advisory/typo3-core-sa-2019-009/
https://typo3.org/security/advisory/typo3-core-sa-2019-010/
https://typo3.org/security/advisory/typo3-core-sa-2019-011/
https://typo3.org/security/advisory/typo3-core-sa-2019-012/
https://typo3.org/security/advisory/typo3-core-sa-2019-013/

For details about the releases, please visit the following website:
https://typo3.org/article/typo3-956-and-8725-security-releases-published/

The packages can be downloaded here:
https://get.typo3.org/

SHA256 checksums:
c83db7eee99655c5f2ea6dc15b0b0f53aa935232efb2b047cb7b9a99e1d1f3c0 typo3_src-8.7.25.tar.gz
9508167a500cedf1817e4c5a7074c1d6c6f97d34a9fd1c8b37eb6628d8c4711d typo3_src-8.7.25.zip
51e9afa9c195abdefb5412126e657f48e82674fd5e97a23fdb407910e2c1dbce typo3_src-9.5.6.tar.gz
49af9b1b7f96b57b997a73aca7aa580d3625dffdc6c6dd82e007476b32dd46b7 typo3_src-9.5.6.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/typo3cms/drafts/github/TYPO3Incubator/InfrastructureGuide/Releases/

Best regards
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From security at typo3.org Tue May 7 13:33:43 2019
From: security at typo3.org (TYPO3 Security Team)
Date: Tue, 7 May 2019 13:33:43 +0200
Subject: [TYPO3-announce] [Ticket#201905075760000019] Vulnerabilities in multiple third party TYPO3 CMS extensions
Message-ID:

Dear TYPO3 users,

several vulnerabilities have been found in the following third party TYPO3 extensions:

"Faceted Search" (ke_search)
"Hairu" (hairu)
"ImageOptimizer" (imageoptimizer)
"phpMyAdmin" (phpmyadmin)
"gkh RSS Import" (gkh_rss_import)
"Instagram" (ws_instagram)
"Event Calender" (pits_wd_calender)
"Yet Another Gallery" (yag)
"comsolit Suggest" (comsolit_suggest)

For further information on the issues, please read the related advisories TYPO3-EXT-SA-2019-005, TYPO3-EXT-SA-2019-006, TYPO3-EXT-SA-2019-007, TYPO3-EXT-SA-2019-008, TYPO3-EXT-SA-2019-009, TYPO3-EXT-SA-2019-010, TYPO3-EXT-SA-2019-011, TYPO3-EXT-SA-2019-012, TYPO3-EXT-SA-2019-013 which were published today:

TYPO3-EXT-SA-2019-005: SQL Injection in extension "Faceted Search" (ke_search)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-005/

TYPO3-EXT-SA-2019-006: Open Redirect in extension "Hairu" (hairu)
[2]https://typo3.org/security/advisory/typo3-ext-sa-2019-006/

TYPO3-EXT-SA-2019-007: Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)
[3]https://typo3.org/security/advisory/typo3-ext-sa-2019-007/

TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
[4]https://typo3.org/security/advisory/typo3-ext-sa-2019-008/

TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
[5]https://typo3.org/security/advisory/typo3-ext-sa-2019-009/

TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)
[6]https://typo3.org/security/advisory/typo3-ext-sa-2019-010/

TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender"
(pits_wd_calender)
[7]https://typo3.org/security/advisory/typo3-ext-sa-2019-011/

TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)
[8]https://typo3.org/security/advisory/typo3-ext-sa-2019-012/

TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)
[9]https://typo3.org/security/advisory/typo3-ext-sa-2019-013/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[10]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

Make sure you are subscribed to the TYPO3 Announce List:
[11]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[12]https://typo3.org/help/security-advisories/

Regards,
Torben Hansen
Member of the TYPO3 Security Team

--
TYPO3 Security Team
homepage: [13]https://typo3.org/teams/security/
E-Mail: security at typo3.org

Please note: When replying to this e-mail, please leave the header intact.

[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-005/
[2] https://typo3.org/security/advisory/typo3-ext-sa-2019-006/
[3] https://typo3.org/security/advisory/typo3-ext-sa-2019-007/
[4] https://typo3.org/security/advisory/typo3-ext-sa-2019-008/
[5] https://typo3.org/security/advisory/typo3-ext-sa-2019-009/
[6] https://typo3.org/security/advisory/typo3-ext-sa-2019-010/
[7] https://typo3.org/security/advisory/typo3-ext-sa-2019-011/
[8] https://typo3.org/security/advisory/typo3-ext-sa-2019-012/
[9] https://typo3.org/security/advisory/typo3-ext-sa-2019-013/
[10] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[11] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[12] https://typo3.org/help/security-advisories/
[13] https://typo3.org/teams/security/

From oliver.hader at typo3.org Tue May 7 13:45:53 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 7 May 2019 13:45:53 +0200
Subject: [TYPO3-announce] Announcing TYPO3 Public Service
Announcements
Message-ID:

Dear TYPO3 World,

the TYPO3 Security Team has just released the following Public Service Announcements:

1) Cross-Site Scripting in jQuery before 3.4.0
https://typo3.org/security/advisory/typo3-psa-2019-004/

2) Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
https://typo3.org/security/advisory/typo3-psa-2019-005/

3) Security Misconfiguration since TYPO3 9.4.0
https://typo3.org/security/advisory/typo3-psa-2019-006/

Find all TYPO3 security advisories here:
https://typo3.org/help/security-advisories/

Best regards
Oliver Hader

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From benni at typo3.org Wed May 15 15:06:11 2019
From: benni at typo3.org (Benni Mack)
Date: Wed, 15 May 2019 15:06:11 +0200
Subject: [TYPO3-announce] Announcing TYPO3 9.5.7 LTS and 8.7.26 LTS
Message-ID:

Dear TYPO3 World,

today the TYPO3 Community has released TYPO3 9.5.7 LTS and 8.7.26 LTS which are ready for you to download.

These releases contain regression fixes solving issues for certain hosting environments since the previous maintenance releases. These versions are maintenance releases and contain bug fixes only.

The packages can be downloaded here:
https://get.typo3.org/

For details about the release, please see:
https://get.typo3.org/release-notes/9.5.7
https://get.typo3.org/release-notes/8.7.26

SHA256 checksums:
542b2b320d4d27316487f37f89b2e09288f82de898fddddc862a83fe675a2321 typo3_src-9.5.7.tar.gz
fc34f0ccb84c56fe78351b3d253f634e07bdf0088108728a50b6659972bf005d typo3_src-9.5.7.zip
6d79a1cfcc1cc6fcd69a6e815812ac7ce882c61a560139b2a3aaf9d44b023b51 typo3_src-8.7.26.tar.gz
da8dbd69cbac982e9232a0c0df3659f32d839d39a7a7ab53c1ba806181d1147f typo3_src-8.7.26.zip

Best regards,
Benni Mack
TYPO3 Project Lead

From security at typo3.org Tue Jun 25 10:52:54 2019
From: security at typo3.org (TYPO3 Security Team)
Date: Tue, 25 Jun 2019 10:52:54 +0200
Subject: [TYPO3-announce] [Ticket#201906255760000019] SQL Injection and CSRF in third party TYPO3 extension "phpMyAdmin" (phpmyadmin)
Message-ID:

Dear TYPO3 users,

It has been discovered that the TYPO3 extension "phpMyAdmin" (phpmyadmin) is susceptible to SQL Injection and CSRF.

For further information on the issue, please read the related advisory which was published today:

TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-014/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[2]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

Make sure you are subscribed to the TYPO3 Announce List:
[3]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[4]https://typo3.org/help/security-advisories/

Regards,
Torben Hansen
Member of the TYPO3 Security Team

--
TYPO3 Security Team
homepage: [5]https://typo3.org/teams/security/
E-Mail: security at typo3.org

Please note: When replying to this e-mail, please leave the header intact.
[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
[2] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[3] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[4] https://typo3.org/help/security-advisories/
[5] https://typo3.org/teams/security/

From oliver.hader at typo3.org Tue Jun 25 11:06:55 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 25 Jun 2019 11:06:55 +0200
Subject: [TYPO3-announce] Announcing TYPO3 v9.5.8 and v8.7.27 security releases
Message-ID:

Dear TYPO3 World,

the TYPO3 Community announces the releases of TYPO3 v9.5.8 LTS and v8.7.27 LTS, as scheduled. All versions are security releases and contain important security fixes - read the corresponding security advisories here:

https://typo3.org/security/advisory/typo3-core-sa-2019-014/
https://typo3.org/security/advisory/typo3-core-sa-2019-015/
https://typo3.org/security/advisory/typo3-core-sa-2019-016/
https://typo3.org/security/advisory/typo3-core-sa-2019-017/
https://typo3.org/security/advisory/typo3-core-sa-2019-018/
https://typo3.org/security/advisory/typo3-core-sa-2019-019/
https://typo3.org/security/advisory/typo3-core-sa-2019-020/

For details about the releases, please visit the following website:
https://typo3.org/article/typo3-958-and-8727-security-releases-published/

The packages can be downloaded here:
https://get.typo3.org/

SHA256 checksums:
e3299e418a2db7fa795af8fe29012726dd19e3c95a655bbd03ff47b5f9657969 typo3_src-8.7.27.tar.gz
3126526a69955fa965dd2cb7efea6f71fc5440a08e746cb816b4859cb0716877 typo3_src-8.7.27.zip
e63b00ef074cba6afc098b307e5f4f0254c66a604cadba2c91755719a717cff2 typo3_src-9.5.8.tar.gz
28fd2f3bc7a25aaa7c540b559f9584157abe476e163c555856f1e9995d616447 typo3_src-9.5.8.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/typo3cms/drafts/github/TYPO3Incubator/InfrastructureGuide/Releases/

Best regards
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From benni at typo3.org Tue Jul 23 10:33:52 2019
From: benni at typo3.org (Benni Mack)
Date: Tue, 23 Jul 2019 10:33:52 +0200
Subject: [TYPO3-announce] Announcing TYPO3 v10.0
Message-ID:

Dear TYPO3 World,

The TYPO3 community has just released TYPO3 v10.0, the first sprint release of the 10.x release series.

TYPO3 v10.0 comes with major API changes that pave the way for new features for editors and integrators in the next sprint releases.

For details about the release, please see:
https://typo3.org/article/x-marks-the-spot-typo3-v100-is-here/

The packages can be downloaded here:
https://get.typo3.org/version/10

Checksums of TYPO3 v10.0.0

SHA256
aa7e13a40c38f11863e45fba7662949f7415e68092084eaeaa5d084d7f626699 typo3_src-10.0.0.tar.gz
beb7483a15afcfd3ca19df94caad1288cff9e89839652951af860d5ac9c2da66 typo3_src-10.0.0.zip

SHA1
c746d0f68eaa0804b2d348cff41189c6ea742b3d typo3_src-10.0.0.tar.gz
88c7097917836ebc50b19c32d9ebce40b4dcb6a0 typo3_src-10.0.0.zip

Best regards,
Benni Mack
TYPO3 Project Lead

--
TYPO3 ... inspiring people to share!

From benni at typo3.org Tue Aug 20 12:00:10 2019
From: benni at typo3.org (Benni Mack)
Date: Tue, 20 Aug 2019 12:00:10 +0200
Subject: [TYPO3-announce] Announcing TYPO3 CMS 9.5.9 LTS
Message-ID:

Dear TYPO3 World,

today the TYPO3 Community has released TYPO3 CMS version 9.5.9 LTS which is ready for you to download. This version is a maintenance release and contains bug fixes only.
For details about the release, please see:
https://typo3.org/article/typo3-v959-lts-released/
https://get.typo3.org/release-notes/9.5.9

The package can be downloaded here:
https://get.typo3.org/version/9

SHA256 checksums:
d8fa173b6a3917c1469bd332787af5c6866b881a89682cb60884ac41686e92e9 typo3_src-9.5.9.tar.gz
d0cc3d63b7afdc559f05125dbaed39d8f59c1605a3d3d9985c9c4f9b27399214 typo3_src-9.5.9.zip

Further details on the signing and hashing process of TYPO3 releases:
https://get.typo3.org/release-notes/9.5.9

Best regards,
Benni Mack
TYPO3 Project Lead

TYPO3 .... inspiring people to share!
Get involved: https://typo3.org

From oliver.hader at typo3.org Tue Oct 1 11:22:59 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 1 Oct 2019 11:22:59 +0200
Subject: [TYPO3-announce] TYPO3 version 10.1 released - On the High Seas
Message-ID:

Dear TYPO3 World,

The TYPO3 community has just released TYPO3 v10.1, the second sprint release on the way to the LTS-version (long-term support) in 2020.

For details about the release, please see:
https://typo3.org/article/typo3-version-101-on-the-high-seas/

The packages can be downloaded here:
https://get.typo3.org/version/10

SHA256
238b0e8a46ea4e1bea1b028d73e8dc175f28987b4344881fa1e6c01688c1f9df typo3_src-10.1.0.tar.gz
6343987916952ed20cb78c23da0727a9043bdb8bad59bcd34baaa3e4067794ff typo3_src-10.1.0.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/m/typo3/guide-installation/master/en-us/ReleaseIntegrity/Index.html

All the best
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From oliver.hader at typo3.org Tue Oct 15 09:58:40 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 15 Oct 2019 09:58:40 +0200
Subject: [TYPO3-announce] Announcing TYPO3 v9.5.10 LTS and v8.7.28 LTS
Message-ID:

Dear TYPO3 World,

the TYPO3 Community announces the releases of TYPO3 v9.5.10 LTS and v8.7.28 LTS, as scheduled. All versions are maintenance releases and contain bug fixes only.

For details about the release, please see:
https://typo3.org/article/typo3-v9510-lts-and-v8728-lts-released/

The packages can be downloaded here:
https://get.typo3.org/version/9
https://get.typo3.org/version/8

SHA256 checksums:
4557c70f63c633aa5b10a7990fb652f90eeb01e098edbb023676723de6d4f81f typo3_src-8.7.28.tar.gz
a450ffe5313bf5e08b1a32c5d6b0fa27aa2faebc5f40f50159a5682d0a014802 typo3_src-8.7.28.zip
65e2918a6cfcd16c8dd804799be9be066384e071639205dbe1bb383fb4dcd27e typo3_src-9.5.10.tar.gz
cf2675a743d6ae89b139686f4d7b449dc2bc2d0bf9062d3c778ed09b4813dca3 typo3_src-9.5.10.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/m/typo3/guide-installation/master/en-us/ReleaseIntegrity/Index.html

All the best
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From security at typo3.org Tue Oct 15 12:28:13 2019
From: security at typo3.org (TYPO3 Security Team)
Date: Tue, 15 Oct 2019 12:28:13 +0200
Subject: [TYPO3-announce] [Ticket#201910155760000011] Vulnerabilities in multiple third party TYPO3 CMS extensions
Message-ID:

Dear TYPO3 users,

several vulnerabilities have been found in the following third party TYPO3 extensions:

"URL redirect" (url_redirect)
"Direct Mail" (direct_mail)
"SLUB: Event Registration" (slub_events)
"freeCap CAPTCHA" (sr_freecap)

For further information on the issues, please read the related advisories TYPO3-EXT-SA-2019-015, TYPO3-EXT-SA-2019-016, TYPO3-EXT-SA-2019-017 and TYPO3-EXT-SA-2019-018 which were published today:

TYPO3-EXT-SA-2019-015: SQL Injection in extension "URL redirect" (url_redirect)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-015/

TYPO3-EXT-SA-2019-016: Information Disclosure in extension "Direct Mail" (direct_mail)
[2]https://typo3.org/security/advisory/typo3-ext-sa-2019-016/

TYPO3-EXT-SA-2019-017: Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)
[3]https://typo3.org/security/advisory/typo3-ext-sa-2019-017/

TYPO3-EXT-SA-2019-018: Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)
[4]https://typo3.org/security/advisory/typo3-ext-sa-2019-018/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[5]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

Make sure you are subscribed to the TYPO3 Announce List:
[6]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[7]https://typo3.org/help/security-advisories/

Regards,
Torben Hansen
Member of the TYPO3 Security Team

--
TYPO3 Security Team
homepage: [8]https://typo3.org/teams/security/
E-Mail: security at typo3.org

Please note: When replying to this e-mail, please
leave the header intact.

[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-015/
[2] https://typo3.org/security/advisory/typo3-ext-sa-2019-016/
[3] https://typo3.org/security/advisory/typo3-ext-sa-2019-017/
[4] https://typo3.org/security/advisory/typo3-ext-sa-2019-018/
[5] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[6] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[7] https://typo3.org/help/security-advisories/
[8] https://typo3.org/teams/security/

From benni at typo3.org Tue Dec 3 13:04:21 2019
From: benni at typo3.org (Benni Mack)
Date: Tue, 3 Dec 2019 13:04:21 +0100
Subject: [TYPO3-announce] Announcing TYPO3 v10.2.0
Message-ID:

Dear TYPO3 World,

We've just released TYPO3 v10.2.0, the third sprint release of the 10.x release series.

TYPO3 v10.2 comes with new features for everybody! We hope you like it.

For details about the release, please see:
https://typo3.org/article/typo3-version-102-treasure-hunting/

The packages can be downloaded here:
https://get.typo3.org/version/10

Checksums of TYPO3 v10.2.0

SHA256
69f03e1ab540dcecb9c4a4fbe09f1913c5d9486fee25cc384dca9185fbae0719 typo3_src-10.2.0.tar.gz
7fc004c6616457778635de7eb7480c665e16441bcfb99b6efd74d694b6b90875 typo3_src-10.2.0.zip

SHA1
c6861dff4b4b6caf5699a504d121108e4579fa54 typo3_src-10.2.0.tar.gz
19b9a2fa9800a802e9360ec76d898ef711640b43 typo3_src-10.2.0.zip

Best regards,
Benni Mack
TYPO3 Project Lead

--
TYPO3 ... inspiring people to share!

From oliver.hader at typo3.org Tue Dec 17 13:13:13 2019
From: oliver.hader at typo3.org (oliver.hader at typo3.org)
Date: Tue, 17 Dec 2019 13:13:13 +0100
Subject: [TYPO3-announce] Announcing TYPO3 10.2.2, 9.5.12 and 8.7.30 security releases
Message-ID:

Dear TYPO3 World,

We've just released TYPO3 version 10.2.2, 9.5.12 LTS and 8.7.30 LTS, as scheduled.
All versions are security releases and contain important security fixes - read the corresponding security advisories here:

https://typo3.org/security/advisory/typo3-core-sa-2019-021/
https://typo3.org/security/advisory/typo3-core-sa-2019-022/
https://typo3.org/security/advisory/typo3-core-sa-2019-023/
https://typo3.org/security/advisory/typo3-core-sa-2019-024/
https://typo3.org/security/advisory/typo3-core-sa-2019-025/
https://typo3.org/security/advisory/typo3-core-sa-2019-026/
https://typo3.org/security/advisory/typo3-psa-2019-010/
https://typo3.org/security/advisory/typo3-psa-2019-011/

For details about the releases, please visit the following website:
https://typo3.org/article/typo3-1022-9512-and-8730-security-releases-published/

The packages can be downloaded here:
https://get.typo3.org/

SHA256 checksums:
8487257e884199fbc53a8f4e7b27b4bb37625a00b9c589e161634f0806fe716e typo3_src-8.7.30.tar.gz
75e11b3fadf21ef9f45ecfb6eac37e3bda6e53ae0e3f5b317a4c12f20016ddbc typo3_src-8.7.30.zip
8712628331b6228d65ffb42f3b32e2e05383e7211642ab79d940b6ea8b0b1c9a typo3_src-9.5.12.tar.gz
24f701b29e36fb74963f34f36e3002c092845b018c0f3ef3d7a8df305e9340c5 typo3_src-9.5.12.zip
2ce3150dc4988868207a862557119bbd6fd021145c323174b5cdecd1d8265de7 typo3_src-10.2.2.tar.gz
926674ea35d69cdc71dde4baffe8e13624c7e08d044caa254da62daf1a38ecb9 typo3_src-10.2.2.zip

Further details on the signing and hashing process of TYPO3 releases:
https://docs.typo3.org/typo3cms/drafts/github/TYPO3Incubator/InfrastructureGuide/Releases/

Best regards
Oliver

--
Oliver Hader
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

From security at typo3.org Tue Dec 17 13:31:40 2019
From: security at typo3.org (TYPO3 Security Team)
Date: Tue, 17 Dec 2019 13:31:40 +0100
Subject: [TYPO3-announce] [Ticket#201912175760000031] Vulnerabilities in multiple third party TYPO3 CMS extensions
Message-ID:

Dear TYPO3 users,

several vulnerabilities have been found in the following third party TYPO3 extensions:

"MKSamlAuth" (mksamlauth)
"Change password for frontend users" (fe_change_pwd)
"File List" (file_list)
"femanager direct mail subscription" (femanager_dmail_subscribe)
"femanager" (femanager)

For further information on the issues, please read the related advisories TYPO3-EXT-SA-2019-019, TYPO3-EXT-SA-2019-020, TYPO3-EXT-SA-2019-021, TYPO3-EXT-SA-2019-022 and TYPO3-EXT-SA-2019-023 which were published today:

TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-019/

TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)
[2]https://typo3.org/security/advisory/typo3-ext-sa-2019-020/

TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)
[3]https://typo3.org/security/advisory/typo3-ext-sa-2019-021/

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)
[4]https://typo3.org/security/advisory/typo3-ext-sa-2019-022/

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)
[5]https://typo3.org/security/advisory/typo3-ext-sa-2019-023/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[6]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

Make sure you are subscribed to the TYPO3 Announce List:
[7]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[8]https://typo3.org/help/security-advisories/

Regards,
Torben Hansen
Member of the TYPO3 Security Team

--
TYPO3 Security Team
homepage: [9]https://typo3.org/teams/security/
E-Mail: security at typo3.org

Please note: When replying to this e-mail, please leave the header intact.

[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-019/
[2] https://typo3.org/security/advisory/typo3-ext-sa-2019-020/
[3] https://typo3.org/security/advisory/typo3-ext-sa-2019-021/
[4] https://typo3.org/security/advisory/typo3-ext-sa-2019-022/
[5] https://typo3.org/security/advisory/typo3-ext-sa-2019-023/
[6] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[7] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[8] https://typo3.org/help/security-advisories/
[9] https://typo3.org/teams/security/