Mobile Apps

Tailored to processes and functions, apps play a major role in optimization today. We offer you a comprehensive service for the design and implementation of applications (native or as a web app with PhoneGap).

Targeting

We help you find the people you need for business. Online marketing concepts and plans are integrated through workflows and processes.

360° showrooms

Enhance your business on Google Maps, and enable people to walk through your showrooms and more.

Make it your own

This distribution is developed to give you an easy entry into TYPO3 CMS. It can be used as an example to play around with or to kickstart your own projects.

Included features of the Introduction Package

  • TYPO3 CMS custom theme for Twitter Bootstrap
  • Customize the theme via LESS editor backend module
  • All Content Elements mapped to fit Twitter Bootstrap
  • Example additional content elements for carousel and accordion
  • All settings editable via the TypoScript constant editor
  • Responsive images enabled

News System

TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

  • Component Type: TYPO3 CMS core & TYPO3 extensions (third-party plugins)
  • Release Date: December 16, 2021
  • Type: Advisory
  • References: CVE-2021-44228, CVE-2021-45046

Problem Description

The critical vulnerability recently disclosed in the log4j Java library is receiving wide media coverage, and some TYPO3 users are unsure whether TYPO3 CMS or TYPO3 extensions are also affected by it.

TYPO3 CMS and TYPO3 extensions are PHP-based software packages and are therefore not affected by the log4j vulnerability. This includes bundled JavaScript components in TYPO3 CMS and TYPO3 extensions (Java and JavaScript are separate programming languages).

Many TYPO3 websites rely on external services that could be affected by the vulnerability, but only if those external services are based on Java. Here are some common scenarios where additional services are used:

  • The TYPO3 website includes a website search that is based on external services such as Apache Solr or Elasticsearch.
  • The TYPO3 website uses the external service Apache Tika to extract metadata from uploaded files.
  • TYPO3 log files are processed by the external service Logstash.

In all these scenarios, the external services are Java-based software components that use the log4j library and are most likely affected by the critical log4j vulnerability.

Recommendation

The TYPO3 Security Team recommends that TYPO3 website and server administrators check whether data generated by TYPO3 is logged or processed by Java-based external services in any way. If so, it is important to establish whether the external services use log4j and whether they are affected by the vulnerability.

This reference may be a helpful resource for TYPO3 website and server administrators on how to detect and mitigate the log4j/log4shell vulnerability.

TYPO3 Infrastructure

Affected components and external services used in the TYPO3 infrastructure have been identified and vendor patches have been applied. Affected components did not include any privacy or account-related data.

General Advice

Follow the recommendations given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.