TYPO3 Bugfix- und Security Update

Wichtiges Bugfix-Update vom 22. Mai 2014 für die von uns eingesetzten TYPO3-Branches:

TYPO3 6.2 LTS - Update auf Version 6.2.3
TYPO3 6.1       - Update auf Version 6.1.9
TYPO3 6.0       - Update auf Version 6.0.14
TYPO3 4.7       - Update auf Version 4.7.19
TYPO3 4.5 LTS - Update auf Version 4.5.34

Bei allen Kunden-Websites mit TYPO3-Wartungsverträgen wurden die TYPO3-Updates, sowie die Updates für installierte Extensions und Sprach-Updates bereits von uns eingespielt.

Neuerungen in Version 6.2.3 LTS
[RELEASE] Release of TYPO3 6.2.3 (TYPO3 Release Team)
[SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
[SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
[SECURITY] XSS in new content element wizard (Marcus Krause)
[SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
[SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
[SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
[SECURITY] Session timeout can be circumvented once (Markus Klein)
[SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
[BUGFIX] RTE Remove Format removes too much (Stanislas Rolland)
[BUGFIX] indexed_search plugin cannot be translated (Robert Vock)
[BUGFIX] Missing check if $row[t3ver_state] is set in IconUtility (Frans Saris)
[TASK] Cleanup DataHandler functional tests (Oliver Hader)
[TASK] Extend DataHandler IRRE functional tests (Oliver Hader)
[TASK] Unify DataHandler test structure (Oliver Hader)
[BUGFIX] Wrong system requirements link (Markus Klein)
[BUGFIX] Wrong path reference for installToolPassword option (Markus Klein)
[BUGFIX] Restore registers before early returns (Jo Hasenau)
[BUGFIX] Don't rely on not found database records impexp (Marc Bastian Heinrichs)
[BUGFIX] MM relations are not correctly resolved in Backend view (Oliver Hader)
[BUGFIX] Invalid module token in openid wizard (Markus Klein)
[BUGFIX] Sprite icons not shown (Frans Saris)
[BUGFIX] Category tab not shown for file when filemetadata installed (Frans Saris)
[BUGFIX] Remove failing extension installations (Nicole Cordes)
[BUGFIX] DataProviderContext uses wrong member field in setter (Tim Schreiner)
[TASK] Update to phpunit 4.1 (Christian Kuhn)
[SECURITY] Extbase must not cache dynamic parts of queries (Markus Klein)
[BUGFIX] Check if storage exists before accessing it (Christian Weiske)
[BUGFIX] Use file name in delete confirmation message (Christian Weiske)
[BUGFIX] LocalizationUtility methods should be static (Christian Kuhn)
[TASK] Add PHP 5.6 as travis-ci environment (Christian Kuhn)
[TASK] Set TYPO3 version to 6.2.3-dev (TYPO3 Release Team)

Neuerungen in Version 6.1.9
[RELEASE] Release of TYPO3 6.1.9 (TYPO3 Release Team)
[SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
[SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
[SECURITY] XSS in new content element wizard (Marcus Krause)
[SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
[SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
[SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
[SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
[SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
[BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
[BUGFIX] Wrong system requirements link (Markus Klein)
[BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
[BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
[BUGFIX] Default image title in RTE contains the file name (Stanislas Rolland)
[BUGFIX] Wrong result on empty string globalString condition (Marc Bastian Heinrichs)
[BUGFIX] saltedpasswords: Check rsaauth loading (Nicole Cordes)
[BUGFIX] SoftReferenceIndex support for more values in class attribute (Marc Bastian Heinrichs)
[BUGFIX] Retrieving extension fails with some PHP versions (Sascha Wilking)
[BUGFIX] Wrong comment in ActionMenuViewHelper (Markus Klein)
[BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
[TASK] Set TYPO3 version to 6.1.9-dev (TYPO3 Release Team)

Neuerungen in Version 6.0.14
[RELEASE] Release of TYPO3 6.0.14 (TYPO3 Release Team)
[SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
[SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
[SECURITY] XSS in new content element wizard (Marcus Krause)
[SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
[SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
[SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
[SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
[SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
[BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
[BUGFIX] FlashMessageService not available in TYPO3 6.0 (Oliver Hader)
[BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
[BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
[TASK] Set TYPO3 version to 6.0.14-dev (TYPO3 Release Team)

Neuerungen in Version 4.7.19
[RELEASE] Release of TYPO3 4.7.19 (TYPO3 Release Team)
[SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
[SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
[SECURITY] XSS in new content element wizard (Markus Klein)
[SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
[SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
[SECURITY] Encode URL for use in JavaScript (Markus Klein)
[SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
[SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
[TASK] Set TYPO3 version to 4.7.19-dev (TYPO3 Release Team)

Neuerungen in Version 4.5.34 LTS
[RELEASE] Release of TYPO3 4.5.33 (TYPO3 Release Team)
[TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
[BUGFIX] Use validEmail() instead of deprecated checkEmail() (Stefan Neufeind)
[BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
[TASK] Integrate default README.txt (Oliver Hader)
[SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
[BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
[BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
[BUGFIX] Namespace usage in test (Christian Kuhn)
[BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
[BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
[BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
[TASK] Optimize speed for instantiating class with arguments" (Ernesto Baschny)
[TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
[BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
[TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
[BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
[BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
[TASK] Set TYPO3 version to 4.5.33-dev (TYPO3 Release Team)