buzz.typo3.org: Security Team
http://buzz.typo3.org/
buzz.typo3.org: The TYPO3 buzz resource ;-)

What you need to know and need to do if your website has been hacked.
http://buzz.typo3.org/teams/security/article/what-you-need-to-know-and-need-to-do-if-your-website-has-been-hacked/
This article aims to give a short overview of the most important things to do after your website has been compromised.

Breaking changes in the latest TYPO3 Security Release
http://buzz.typo3.org/teams/security/article/breaking-changes-in-the-latest-typo3-security-release/
Since some people contacted us with questions regarding the latest release, this post elaborates on the changes in that release and why they were made that way.

New naming scheme for TYPO3 Security Bulletins
http://buzz.typo3.org/article/new-naming-scheme-for-typo3-security-bulletins/
The TYPO3 Security Team introduced a new structure and a new naming scheme for security bulletins.

[Coding] Doing Filename Checks Securely
http://buzz.typo3.org/teams/security/article/coding-doing-filename-checks-securely/
A security issue in TYPO3 was recently fixed in which it was possible to circumvent checks that should ensure file names match specific patterns (e.g. denying .php file extensions to be...

Incident Handling of TYPO3 Core Issues
http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues/
The TYPO3 Security Team has decided to handle TYPO3 Core incidents partly in public, through the standard Core Review Process.

TYPO3 4.5 will be the most secure TYPO3 version ever.
http://buzz.typo3.org/article/typo3-45-will-be-the-most-secure-typo3-version-ever/
The upcoming version 4.5 will include a form protection for improved security.

Correct usage of TYPO3 database API
http://buzz.typo3.org/article/correct-usage-of-typo3-database-api/
Check your own code for correct usage of TYPO3 database API in LIKE comparisons!

New limitations in jumpUrl feature
http://buzz.typo3.org/teams/security/article/new-limitations-in-jumpurl-feature/
While fixing a vulnerability in the jumpurl feature, some additional restrictions were introduced.

Beware of problems when upgrading Front End User Registration to version 2.6.0
http://buzz.typo3.org/teams/security/article/beware-of-problems-when-upgrading-front-end-user-registration-to-version-260/
The TYPO3 Security Team has become aware that upgrading the third-party TYPO3 extension Front End User Registration (sr_feuser_register) might cause problems with a security impact.

Use of Common Vulnerability Scoring System in TYPO3 Security Advisories
http://buzz.typo3.org/teams/security/article/use-of-common-vulnerability-scoring-system-in-typo3-security-advisories/
The TYPO3 Security Team intends to use CVSS for TYPO3 Core Security Bulletins in future. Learn what CVSS is all about and how you benefit from it!