2017
08.09
TYPO3 – Security issues in repository

According to an official security warning, since August 23, third parties could have replaced, under certain conditions, extensions with manipulated versions. Meanwhile the loophole is to be closed. The responsible persons behind Typo3 indicate that they have checked the checksums (SHA-256) of all extensions uploaded before 08/22/2017. These are intended to ensure integrity according to the results. The 56 extensions made available by developers after this day, the Typo3 team precautionally marked as unsafe – at worst they could be contaminated with malicious code. The extensions listed in the Security Warning should either delete users or replace them with a current version.

The extensions concerned are:
advancedtitle (0.0.4, 0.0.5), aimeos (17.7.1), aimeos_pay (17.8.0, 17.8.1), aip_vimeo (8.7.3), aws_sdk_php (3.33.4, 3.34.0, 3.34.1, 3.34.2, 3.35.0, 3.35.1, 3.35.2), cart_pdf (1.3.0, 2.0.0, 2.0.1), cl_metatags (2.0.4), cookie_hint (1.0.0, 1.0.1, 1.0.2), cookie_question (0.1.0), datamints_feuser, (0.11.7, 0.11.8), div2007 (1.7.10), femanager (3.1.1), feusersmap (0.8.2), frp_form_answers (1.0.0, 1.0.1), go_maps_ext (2.3.0), hh_ckeditor_custom (0.1.1), ipm_cline (1.2.0), includekrexx (2.3.0), maps2 (2.9.0), my_user_management (3.3.0, 3.3.1, 3.3.2, 3.3.3), news (6.1.0), patchem (0.1.0), powermail (3.22.0), px_hybrid_auth (3.1.1), px_semantic (2.5.0), realurl_clearcache2 (1.0.0, 1.0.1, 2.0.0), recordsmanager (1.4.0), skfbalbums (0.0.1, 0.0.2), static_info_tables_pt (6.3.2), test_foo (0.1.0, 0.1.1), turn (0.1.1), url_redirect (1.1.0, 1.1.1), vhs (4.3.0), wfqbe (7.6.2)

back