[TYPO3-dev] [ANN] TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3
Jason A. Lefkowitz
jason at jasonlefkowitz.net
Wed Dec 20 19:46:39 CET 2006
Ingmar Schlecht wrote:
> Dear users of TYPO3,
>
> a critical problem has been discovered in the rtehtmlarea extension.
>
There's a point in the bulletin I'm not sure I understand. I was using
rtehtmlarea 1.3.7 on my site (the version that came with TYPO3 4.x).
When I saw the bulletin, I grabbed the .t3x for rtehtmlarea 1.4.2 and
installed it in sysext/ over the old version.
This seems like it should close the security hole for me. However, the
bulletin says that 1.4.2 is only for people who were using more recent
rtehtmlarea versions -- that 1.3.7 users should upgrade to 1.3.8 (which
I could not find in the Extension Repository).
Is there any reason why I should not have upgraded to 1.4.2? Are there
hidden "gotchas" in going from 1.3.7 to 1.4.2?
Thanks!
-- Jason Lefkowitz
More information about the TYPO3-dev
mailing list