[TYPO3-core] FYI: Fixed outstanding but already disclosed security issues in TYPO3 4.1 branch

Oliver Hader oliver at typo3.org
Mon May 17 18:58:39 CEST 2010


Hi,

the following outstanding security issues have now also been fixed in
the TYPO3_4-1 branch (rev. 7624-7634):

* Fixed bug #13394: Information disclosure in sysext:sys_actions
* Fixed bug #13042: XSS in index.php
* Fixed bug #11617: XSS in template module
* Fixed bug #13249: XSS in TS Object Browser
* Fixed bug #11621: XSS vulnerabilities in workspace module
* Fixed bug #11620: XSS vulnerability in task center module
* Fixed bug #12628: XSS in sysext sys_action
* Fixed bug #12634: XSS in the access module
* Fixed bug #13558: XSS in t3lib_querygenerator
* Fixed bug #12630: XSS in filelist module

The mentioned security issues have already been fixed and released on
February 23rd 2010 for the TYPO3 4.3 and 4.2 branches and have not been
considered as critical for the 4.1 branch at that time (4.1 was already
marked as "deprecated" at that time).

The support for TYPO3 4.1 will soon be dropped once the final version of
TYPO3 4.4 is released. Thus, we decided to have one last release of
TYPO3 4.1 within the next few weeks and all outstanding security issues
fixed in the 4.1 branch.

Links:
* The "old" security bulletin from February 2010:
  http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/
* TYPO3 maintenance policy (concerning end of support for 4.1):
  http://typo3.org/teams/core/resources/maintenance-policy/

Conclusion:
Don't panic! These commits were just about to be complete - also for an
already deprecated 4.1 branch...

olly
-- 
Oliver Hader
TYPO3 v4 Core Team Leader

