[TYPO3-dev] [ANN] TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3
Michael Stucki
michael at typo3.org
Wed Dec 20 21:56:45 CET 2006
Hi Jason,
> There's a point in the bulletin I'm not sure I understand. I was using
> rtehtmlarea 1.3.7 on my site (the version that came with TYPO3 4.x).
> When I saw the bulletin, I grabbed the .t3x for rtehtmlarea 1.4.2 and
> installed it in sysext/ over the old version.
>
> This seems like it should close the security hole for me. However, the
> bulletin says that 1.4.2 is only for people who were using more recent
> rtehtmlarea versions -- that 1.3.7 users should upgrade to 1.3.8 (which
> I could not find in the Extension Repository).

1.3.8 is there, I just checked this once again.

The main difference between 1.3.8 and 1.4.2 is that the new version (1.4.x)
contains new features (and probably bugs?) while 1.3.8 is a pure bugfix
release.

> Is there any reason why I should not have upgraded to 1.4.2? Are there
> hidden "gotchas" in going from 1.3.7 to 1.4.2?

I think it's the same reason why people prefer TYPO3 4.0.4 over 4.1beta2...

- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/