-
To mitigate a potential insecure unserialize issue in the core: Disable the import module of extension impexp for non admin users if the module is not explicitely enabled for this user or group. Introduce userTsConfig option options.impexp.enableImportForNonAdminUser Create a hook in page tree context menu to handle the item removal. The v8 series is not directly affected by the underlying security issue, but 7.6 and 6.2 are. Resolves: #73461 Releases: master, 7.6, 6.2 Security-Commit: 3ce6c6e064b3dd67051c573646e28c636937cd86 Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018 Change-Id: I423122641308a6586cd3977957d4ee0bf0c8ef6b Reviewed-on: https://review.typo3.org/49080 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
9ba09a9f