On Tuesday, February 23rd, the TYPO3 development team released maintenance and security updates for TYPO3 versions 6.2 and 7.6. They include four security patches and many bugfixes. Read on for details …

Fixed Security Vulnerabilities

Security bulletins were published for the following issues:

XML External Entity (XXE) Processing in TYPO3 Core

TYPO3 versions: 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3
Severity: Low

Cross-Site Scripting in TYPO3 component Backend

TYPO3 versions: 6.2.0 to 6.2.18
Severity: Low

Cross-Site Scripting in TYPO3 component CSS styled content

TYPO3 versions: 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3
Severity: Medium

Denial of Service attack possibility in TYPO3 component Indexed Search

TYPO3 versions: 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3
Severity: High

All issues are solved by installing the recent versions; no additional action is needed. If you are looking for the changed lines of code, have a look at the TYPO3 review system. The patches are tagged with “security”.

You are strongly advised to install the new versions. You can download the packages from TYPO3.org.

If you participate in the TYPO3 4.5 ELTS program, you have already received a notice about the updates.

Bugfixes

Besides the four security issues, many bugfixes hit the TYPO3 core.
Version 6.2.18 received two bugfixes. The most current LTS version, version 7, received 21 enhancements and bugfixes since the last release one week before.

Thanks to the TYPO3 Core and Security Team for these releases.