-
The PHP library `symfony/rate-limiter` has been integrated in order to provide a rate limiting API for the TYPO3 core and extensions. As a new system default, the TYPO3 backend and frontend login now uses a rate limiter, which prevents further authentication attempts for an IP address, if a configurable amount of login attempts is exceeded in a given time. The hardcoded wait time of 5 seconds after a failed login has been removed, since it offers no real protection against brute force attacks. The following dependencies are introduced: * symfony/rate-limiter "^5.3" Resolves: #93825 Releases: master Change-Id: Ib248b78b501a4d50556aa97938f4c51f12f7522a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68624 Tested-by:
core-ci <typo3@b13.com>
Tested-by: 
Jochen <rothjochen@gmail.com>
Tested-by: Benni Mack <benni@typo3.org> Reviewed-by:
Jochen <rothjochen@gmail.com>
Reviewed-by: 939003e5
