Dear Users of TYPO3,
Several vulnerabilities have been found in the following third-party TYPO3
extensions:
- News system (news), Version 1.3.2 and all versions below
- One-time FE account (onetimeaccount), Version 0.8.0 and all versions below
- PHPUnit (phpunit), Version 3.5.14 and all versions below
- Static Methods since 2007 (div2007), Version 0.10.1 and all versions below
- T3 Mootools (t3mootools), Version 1.3.0 and all versions below
- T3 jQuery (t3jquery), Version 2.2.0 and all versions below
- 1-Click-Login (oneclicklogin), Version 0.4.0 and all versions below
For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-EXT-SA-2013-001 that was published today:
<http: typo3.org teams security security-bulletins typo3-extensions typo3-ext-sa-></http:>
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
<http: typo3.org extension-manuals doc_guide_security current></http:>
Make sure you are subscribed to the TYPO3 Announce List:
<http: lists.typo3.org cgi-bin mailman listinfo typo3-announce>
See all TYPO3 security advisories:
<http: typo3.org teams security security-bulletins></http:>
Regards,
Markus Bucher
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: <a href="http://typo3.org/teams/security/" target="_blank" rel="noreferrer">http://typo3.org/teams/security/</a>
E-Mail: security@typo3.org
Please note: When replying to this e-mail, please leave the header intact.</http:>
