[TYPO3-announce] [Ticket#201811205760000029] Announcing TYPO3 security related information
TYPO3 Security Team
security at typo3.org
Tue Nov 20 13:23:27 CET 2018
Dear TYPO3 users,
the TYPO3 Security Team has just released the following security bulletin and
public service announcement:
1) TYPO3-EXT-SA-2018-010: Cross-Site Scripting in extension "libconnect" (libconnect)
It has been discovered that the extension "libconnect" (libconnect) is
susceptible to Cross-Site Scripting.
For further information on the issue, please read the related advisory
TYPO3-EXT-SA-2018-010 which was published today:
[1]https://typo3.org/security/advisory/typo3-ext-sa-2018-010/
2) TYPO3-PSA-2018-002: Web Resource Restrictions
It has been discovered that development related information can be retrieved
by regular HTTP GET requests on NGINX web server environments missing strict
access restriction settings.
For further information on the issue, please read the related Public
Service Announcement TYPO3-PSA-2018-002 which was published today:
[2]https://typo3.org/security/advisory/typo3-psa-2018-002/
In general, the TYPO3 Security Team recommends reading the following pages:
The TYPO3 Security Guide:
[3]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
Make sure you are subscribed to the TYPO3 Announce List:
[4]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
[5]https://typo3.org/help/security-advisories/
Regards,
Torben Hansen
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: [6]https://typo3.org/teams/security/
E-Mail: security at typo3.org
Please note: When replying to this e-mail, please leave the header intact.
[1] https://typo3.org/security/advisory/typo3-ext-sa-2018-010/
[2] https://typo3.org/security/advisory/typo3-psa-2018-002/
[3] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[4] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[5] https://typo3.org/help/security-advisories/
[6] https://typo3.org/teams/security/