[TYPO3] [TYPO3-dev] Announcing TYPO3 4.1.4 and 4.0.8
Ingmar Schlecht
ingmar at typo3.org
Tue Dec 11 11:53:56 CET 2007
Dear TYPO3 users,
TYPO3 versions 4.1.4 and 4.0.8 are ready for download. They are
maintenance releases of versions 4.1 and 4.0 and therefore contain only
bugfixes. No database update is necessary to perform the upgrade.
Notable changes in 4.0.8:
* The above mentioned security fix to indexed_search
* A bugfix to image generation
Notable changes in 4.1.4:
* Fixed a low-severity SQL injection in the modfunc2 of
indexed_search
o The issue was only exploitable by BE users
o The severity of the issue was limited because addslashes()
was already applied to the value - yet not within a quoted
string
o For details see the bulletin [1]
* Translated language files were not always loaded
* A couple of issues with HTMLArea have been fixed
* Fixes of "Limit to Language" functionality
* Fixes regarding Inline Relational Record Editing (IRRE):
o Htmlarea is not show in child records if parent has no RTE
o Combination mode doesn't save new child records correctly
o Palettes are not always rendered correctly
* Flexforms didn't resolve sheets correctly causing "Cannot use
string offset as an array" error message
For details about the releases, see:
http://wiki.typo3.org/index.php/TYPO3_4.1.4
http://wiki.typo3.org/index.php/TYPO3_4.0.8
Download:
http://typo3.org/download/packages/
[1] Indexed Search SQL Injection - Security Bulletin
http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/
--
Ingmar Schlecht
TYPO3 Association Active Member
More information about the TYPO3-english
mailing list