Dear TYPO3 users,
the TYPO3 Security Team has just released the following security bulletin and
public service announcement:
1) TYPO3-EXT-SA-2018-010: Cross-Site Scripting in extension "libconnect"
(libconnect)
It has been discovered that the extension "libconnect" (libconnect) is
susceptible to Cross-Site Scripting.
For further information on the issue, please read the related advisory
TYPO3-EXT-SA-2018-010 which was published today:
[1]https://typo3.org/security/advisory/typo3-ext-sa-2018-010/
2) TYPO3-PSA-2018-002: Web Resource Restrictions
It has been discovered that development-related information can be retrieved
by regular HTTP GET requests on NGINX web server environments missing strict
access restriction settings.
For further information on the issue, please read the related Public
Service Announcement TYPO3-PSA-2018-002 which was published today:
[2]https://typo3.org/security/advisory/typo3-psa-2018-002/
In general, the TYPO3 Security Team recommends reading the following pages:
The TYPO3 Security Guide:
[3]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
Make sure you are subscribed to the TYPO3 Announce List:
[4]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
[5]https://typo3.org/help/security-advisories/
Regards,
Torben Hansen
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: [6]https://typo3.org/teams/security/
E-Mail: security@typo3.org
Please note: When replying to this e-mail, please leave the header intact.
[1] https://typo3.org/security/advisory/typo3-ext-sa-2018-010/
[2] https://typo3.org/security/advisory/typo3-psa-2018-002/
[3] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[4] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[5] https://typo3.org/help/security-advisories/
[6] https://typo3.org/teams/security/