TYPO3 Enterprise Content Management System

• About this group
• Forums

• Home
• Groups
• TYPO3 Enterprise Content Managemen ...
• Forums
• TYPO3 News Channel
• TYPO3 versions 4.1.4 and 4.0.8 are ready for download

• 
  Christopher Friedmann    Premium Member   Group moderator

  The company name is only visible to registered members.

  TYPO3 versions 4.1.4 and 4.0.8 are ready for download

  TYPO3 versions 4.1.4 and 4.0.8 are ready for download. They are maintenance releases of versions 4.1 and 4.0 and therefore contain only bugfixes. No database update is necessary to perform the upgrade.
  
  Notable changes in 4.0.8:
  * The above mentioned security fix to indexed_search
  * A bugfix to image generation
  
  Notable changes in 4.1.4:
  * Fixed a low-severity SQL injection in the modfunc2 of
  indexed_search
  o The issue was only exploitable by BE users
  o The severity of the issue was limited because addslashes()
  was already applied to the value - yet not within a quoted
  string
  o For details see the bulletin [1]
  * Translated language files were not always loaded
  * A couple of issues with HTMLArea have been fixed
  * Fixes of "Limit to Language" functionality
  * Fixes regarding Inline Relational Record Editing (IRRE):
  o Htmlarea is not show in child records if parent has no RTE
  o Combination mode doesn't save new child records correctly
  o Palettes are not always rendered correctly
  * Flexforms didn't resolve sheets correctly causing "Cannot use
  string offset as an array" error message
  
  For details about the releases, see:
  http://wiki.typo3.org/index.php/TYPO3_4.1.4
  http://wiki.typo3.org/index.php/TYPO3_4.0.8
  
  Download:
  http://typo3.org/download/packages/
  
  [1] Indexed Search SQL Injection - Security Bulletin http://typo3.org/teams/security/security-bulletins/typo3-200...
  
  Autor: Ingmar Schlecht (TYPO3 Association Active Member)
  
  
  .best regards
  Christopher Friedmann
  
  • 11 Dec 2007, 9:26 pm
  Christopher Friedmann wrote: > TYPO3 versions 4.1.4 and 4.0.8 are ready for download. They are > maintenance releases of versions 4.1 and 4.0 and therefore contain > only bugfixes. No database update is necessary to perform the upgrade. > > Notable changes in 4.0.8: > * The above mentioned security fix to indexed_search > * A bugfix to image generation > > Notable changes in 4.1.4: > * Fixed a low-severity SQL injection in the modfunc2 of > indexed_search > o The issue was only exploitable by BE users > o The severity of the issue was limited because addslashes() > was already applied to the value - yet not within a quoted > string > o For details see the bulletin [1] > * Translated language files were not always loaded > * A couple of issues with HTMLArea have been fixed > * Fixes of "Limit to Language" functionality > * Fixes regarding Inline Relational Record Editing (IRRE): > o Htmlarea is not show in child records if parent has no RTE > o Combination mode doesn't save new child records correctly > o Palettes are not always rendered correctly > * Flexforms didn't resolve sheets correctly causing "Cannot use > string offset as an array" error message > > For details about the releases, see: > http://wiki.typo3.org/index.php/TYPO3_4.1.4 > http://wiki.typo3.org/index.php/TYPO3_4.0.8 > > Download: > http://typo3.org/download/packages/ > > [1] Indexed Search SQL Injection - Security Bulletin > http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/ > > Autor: Ingmar Schlecht (TYPO3 Association Active Member) > > > .best regards > Christopher Friedmann