From release announce.
-----------------------------------------------------------------------
Dear TYPO3 users,
we are announcing the release of the following TYPO3 updates:
- TYPO3 4.2.8
- TYPO3 4.1.12
- TYPO3 4.0.13
All versions are maintenance releases and contain only bugfixes
and minor security improvements (no critical fixes of vulnerabilities).
Notice: Due to a bug which was reported to us short after the release of
TYPO3 versions 4.1.11 and 4.2.7, we stopped the release of the
announcement and prepared new versions that fix this (minor) issue.
TYPO3 4.0.13 which was already released yesterday was not affected by
this bug.
For details about the release, visit the following websites:
http://wiki.typo3.org/TYPO3_4.2.8http://wiki.typo3.org/TYPO3_4.1.12http://wiki.typo3.org/TYPO3_4.0.13
Quote from release announce is here and see ChangeLog for detail.
All versions are maintenance releases and contain bugfixes
and security fixes.
IMPORTANT: These versions include an important security fix
to the TYPO3 core. A security announcement has just been
released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
All versions are maintenance releases and contain only bugfixes.
IMPORTANT: These versions contain important fixes of regressions from
the earlier versions released 20 January 2009, but they do not contain
additional security fixes.
ChangeLog:
2009-01-24 Ingmar Schlecht <ingmar@typo3.org>
* Release of TYPO3 4.2.5
2009-01-24 Ingmar Schlecht <ingmar@typo3.org>
* Fixed bug #10205: DB session record is only created when user is authenticated (thanks also to Michael Stucki)
2009-01-20 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #9345: Bug: CSV export includes _CLIPBOARD_ in header row (thanks to Christian Kuhn)
This update contains security fixes and please refer ChangeLog file
for full changes.
1. System extension Install tool (install)
Insecure Randomness
2. Authentication library
Broken Authentication and Session Management
3. System extension Indexed Search Engine (indexed_search)
Cross-Site Scripting, Remote Command Execution
4. System extension ADOdb (adodb)
Cross-Site Scripting
5. Workspace module
Cross-Site Scripting
After update, you will need to create a new encryption key.
(1) Upgrade to the new TYPO3 version.
(2) Clear the configuration cache
(3) Open the install tool and choose menu 1 ("Basic Configuration").
(4) Scroll to the bottom of the page and click on the button
"Generate random key".
(5) Submit the form by clicking on "Update localconf.php".
(6) Clear the configuration and page cache again.
* Allow depends on php-pgsql.
* Handle ${TYPO3DIR}/${SITEDIR}/typo3conf/localconf.php as configuration
file with CONF_FILES_PERMS.
* Install README file, very simple guide for set up.
Bump PKGREVISION.
TYPO3 is a free Open Source content management system for enterprise
purposes on the web and in intranets. It offers full flexibility and
extendability while featuring an accomplished set of ready-made
interfaces, functions and modules.
