1. 10 Dec, 2014 1 commit
  2. 27 Nov, 2014 2 commits
  3. 22 Oct, 2014 2 commits
  4. 23 Sep, 2014 2 commits
  5. 08 Jul, 2014 2 commits
  6. 22 May, 2014 3 commits
    • TYPO3 Release Team's avatar
      [TASK] Set TYPO3 version to 4.5.35-dev · dd2d0ad3
      TYPO3 Release Team authored
      Change-Id: Iffabf254620824d1d0b7a42e239576bd3aa73791
      Reviewed-on: https://review.typo3.org/30309
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      dd2d0ad3
    • TYPO3 Release Team's avatar
      [RELEASE] Release of TYPO3 4.5.34 · 67deb70e
      TYPO3 Release Team authored
      Change-Id: I296aa228d3d9ffda43cf99a41d3ac36d8b93f439
      Reviewed-on: https://review.typo3.org/30308
      Reviewed-by: TYPO3 Release Team
      Tested-by: TYPO3 Release Team
      67deb70e
    • Helmut Hummel's avatar
      [SECURITY] Add trusted HTTP_HOST configuration · 55d5f385
      Helmut Hummel authored and Oliver Hader's avatar Oliver Hader committed
      TYPO3 uses the values of HTTP_HOST in several
      places without validating them. This could
      lead to a situation where links are generated
      using the host part from HTTP_HOST.
      Since HTTP_HOST headers are user input and
      can be spoofed by an attacker, it leads
      into several potential and actual security issues.
      To address this, a configuration option for
      trusted hosts is added, which is evaluated every
      time getIndpEnv('HTTP_HOST') is called.
      The configuration option is
      $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']
      and can contain either a regular expression or the
      value "SERVER_NAME"
      To properly output the exception message in case
      the trustedHostPattern does not match,
      we need to adapt the exception handlers slightly
      to not log information in this case and to actually
      show the message even in production context to not
      confuse admins on what is currently going wrong.
      To not break all existing installations, the default
      pattern is set to 'SERVER_NAME' which allows all
      HTTP_HOST values matching the SERVER_NAME (and
      optionally the SERVER_PORT if a port is specified
      in the HTTP_HOST value).
      This will secure all installation which use properly
      configured name based virtual hosts, but leaves
      installations where the web server is not bound
      to a specific host name still in an insecure state.
      Fixes: #30377
      Releases: 6.2, 6.1, 6.0, 4.7, 4.5
      Security-Bulletin: TYPO3-CORE-SA-2014-001
      
      Change-Id: Id210212e6fbd186a273f92b340d5060e9c6f900d
      Reviewed-on: https://review.typo3.org/30275
      Reviewed-by: Oliver Hader
      Tested-by: Oliver Hader
      55d5f385
  7. 16 Apr, 2014 2 commits
  8. 10 Dec, 2013 2 commits
  9. 26 Nov, 2013 2 commits
  10. 12 Sep, 2013 2 commits
  11. 30 Jul, 2013 2 commits
  12. 23 Jul, 2013 2 commits
  13. 24 May, 2013 2 commits
  14. 03 May, 2013 2 commits
  15. 28 Apr, 2013 1 commit
  16. 22 Apr, 2013 2 commits
  17. 11 Apr, 2013 1 commit
    • Anja Leichsenring's avatar
      [BUGFIX] Allow Setting colorspace in the Install Tool. · b07277d5
      Anja Leichsenring authored
      Some versions of Imagemagick (6.7.0 and above) use the sRGB colorspace
      instead RGB as before. This results in darker images after processing,
      because TYPO3 hardcoded the RGB colorspace in graphical functions.
      
      This patch introduces a setting in the GFX part of the Install Tool,
      lets the user choose the sufficient colorspace.
      This selection is used in graphical functions.
      
      Additionaly a hint on the setting was added to the Image Processing Test
      'Read Images' in the Install Tool.
      
      Fixes: #36597
      Releases: 6.1, 6.0, 4.7, 4.5
      Change-Id: I50a26c414705afa3177a2f12fc3bb4532c2d0f7f
      Reviewed-on: https://review.typo3.org/19725
      Reviewed-by: Philipp Gampe
      Tested-by: Philipp Gampe
      Reviewed-by: Xavier Perseguers
      Tested-by: Xavier Perseguers
      Reviewed-by: Anja Leichsenring
      Tested-by: Anja Leichsenring
      b07277d5
  18. 07 Mar, 2013 3 commits
  19. 06 Mar, 2013 2 commits
  20. 14 Feb, 2013 2 commits
  21. 23 Jan, 2013 1 commit