[TYPO3-dev] [ANN] TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3

[Michael Stucki]

Hi Staffan,

> The change log at bugs.typo3.org of 4.0.4 says that only one thing is
> updated. The 4.1beta2 does not exist at all.
> 
> I guess that there is some manual stuff to take care of to publish beta2
> that hasn't been done.
> 
> But one thing that concern me is that the updated rtehthmlarea isn't
> mention by the bugtracker. Is it a operator driven error or aren't
> sysext changes noted in the change log of TYPO3? That could become a
> problem in the future (something might break).

The changelog feature of the bugtracker is not used by us. It would require
that every single change is listed as an issue in the bugtracker, but we
don't do so.

> So my questions is - is 4.1beta2 only a updated when it comes to
> rtehtmlarea or is there more bugfixes added?

There were more changes, though small and probably not so important.

Look at the real ChangeLog which is shipped with the TYPO3 source (it's in
the root directory).

- michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/