[TYPO3-dev] New 4.6.17 leads to #1359987599: jumpurl: Calculated juHash did not match the submitted juHash.
Søren Malling
soren.malling at gmail.com
Wed Mar 6 15:31:23 CET 2013
Hi Alexander,
>From the security bulletin
=====
If it is important that already distributed links (e.g. by directmail
newsletter module) are still working, you have to additionally:
- Install the provided extension
(t3x<http://typo3.org/fileadmin/security-team/sa2013-01/jumpurl_redirect.t3x>
, zip<http://typo3.org/fileadmin/security-team/sa2013-01/jumpurl_redirect.zip>)
which
covers the following cases:
- URLs which are present in pages or content elements are allowed to
be redirected to, even if the validation hash is missing or wrong.
- URLs which are present in newletters sent using the third party
module "directmail" are allowed to be redirected to, even if the
validation
hash is missing or wrong.
- =====
Regards
Søren
More information about the TYPO3-dev
mailing list