[TYPO3-dev] Security announcement for css_filelinks extension
Helmut Hummel
helmut.hummel at typo3.org
Thu Feb 2 13:32:25 CET 2012
Hi Steffen,
Steffen Müller wrote:
> CSS styled Filelinks (css_filelinks) is announced as insecure in
> versions 0.2.18 and below. The issue should have been fixed in 0.2.19.
>
> But 0.2.19 is released since 2010/10/04.
>
> Does that mean the vulnerability is already fixed since> 1 year?
unfortunately this is all true. While restructuring and cleaning up our
internal issue tracker, we stubled over this old one. We had two
alternatives:
1. Ignore
2. Mention it anyway
We went for 2.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-dev
mailing list