TYPO3 security updates
When should an administrator update a TYPO3 system?


Transcript

  • 1. 25 January 2010 TYPO3 + Ext Updates
  • 2. Index. Part I: Recognise critical problems – In extensions – In the TYPO3 core. Part II: Update process – Extensions – TYPO3 core
  • 3. Recognise critical problems: Be aware of TYPO3 core and extension updates which solve possible security problems. Subscribe to and read the security RSS feed: http://news.typo3.org/news/teams/security/rss.xml
  • 4. Part I: Recognise critical problems – In TYPO3 extensions
  • 5. Recognise critical problems - Extensions
  • 6. Recognise critical problems - Extensions: Have a look at your extension list (which extensions are installed). Note: The Extension Manager is available to admins only.
  • 7. Recognise critical problems - Extensions: Compare extension keys of the installed extensions in TYPO3 with the extensions which have to be updated. Installed extensions: Content_help 1.1.0, wt_ttaddress_extend 0.0.0, kickstarter 0.4.0, … Extensions with sec fixes: mk_anydropdownmenu <= 0.3.28, goof_fotoboek <= 1.7.14, ref_list <= 1.0.1, …
  • 8. Recognise critical problems - Extensions: If you found a match: – Also try to contact the admin (mail + phone) – Check the installed version – Read the security note • What kind of security problem? – Check the severity • Is there a new version available in the TER? – Yes: please update (see part II) – No: deactivate the plugin in the Ext Manager (see part II)
  • 9. Part I: Recognise critical problems – In the TYPO3 core
  • 10. Recognise critical problems – TYPO3 core
  • 11. Recognise critical problems – TYPO3 core: Is this an urgently needed update? Update! 1) Severity: Critical 2) This seems to be a high-potential problem which could be exploited directly from the frontend. 3) Description of a possible hack of the CMS settings
  • 12. Recognise critical problems – TYPO3 core: Is this an urgently needed update? Let the admin do this job. 1) Severity: High 2) Problem description starts with „By using an OpenID identity…“; OpenID is not used in our installation at the moment 3) OpenID is disabled by default
  • 13. Recognise critical problems - Extensions: If there is a security problem which should be fixed immediately: – Also try to contact the admin (mail + phone) – Check the version of the currently used CMS (you will see the version after a backend login) – Update TYPO3 (see part II)
  • 14. Part II: Update process – Extensions
  • 15. Update process – Extensions – note: Pro: Extension updates are very easy to handle. Con: Extension updates can result mainly in frontend malfunctions. Note: You need backend admin access to make an update. Note: Please try to contact the admin before you make an update (via email and phone).
  • 16. Update process – Extensions – note: If there is no newer version available in the TER, please deactivate the extension in the Ext Manager by clicking the green icon.
  • 17. Update process – Extensions – Backup: First of all, please make a backup of the existing extension in the Extension Manager. This results in a *.t3x file, which can be downloaded and stored on your hard drive.
  • 18. Update process – Extensions – function test: Please make a short function test of the extension before you make an update. Example for the extension „powermail“: test by filling out a form and sending it.
  • 19. Update process – Extensions – Update: 1. Choose the Ext Manager 2. Choose Import extensions 3. Retrieve/Update (and wait some seconds) 4. Search for an extension key
  • 20. Update process – Extensions – Update: Click update, and again update.
  • 21. Update process – Extensions – function test II: Please make a short function test after the update, FE and BE! Example for the extension „powermail“: test by filling out a form and sending it.
  • 22. Update process – Extensions – Errors and malfunction: In some special cases errors can occur which block further functions. Please try again to contact the admin. Deactivate the updated extension (see first update note).
  • 23. Part II: Update process – TYPO3 core
  • 24. Update process – TYPO3 core – note: Pro: Malfunctions are less frequent than with extension updates. Con: TYPO3 updates are not so easy to handle. Note: You need FTP access to the server. Note: Please try to contact the admin before you make an update (via email and phone).
  • 25. Update process – TYPO3 core – Backup: Connect with your FTP client (e.g. Filezilla) to the server and download (for a backup): - Folder: typo3 - Folder: t3lib - File: index.php
  • 26. Update process – TYPO3 core – Get a new core: 1. Open the URL typo3.org 2. Click on download 3. Click on zip/tar.gz packages 4. Download the source ZIP (keep the bugfix version line: e.g. 4.3.0 to 4.3.1 or 4.2.10 to 4.2.11) 5. Extract the zip file
  • 27. Update process – TYPO3 core – Overwrite old core: Connect again with your FTP client (e.g. Filezilla) to the server and upload (completely overwrite): - Folder: typo3 - Folder: t3lib - File: index.php
  • 28. Update process – TYPO3 core – Function test: Check the frontend functions. Log in to the backend. Clear the complete cache. Check the backend functions. Check the frontend functions again.
  • 29. Update process – TYPO3 core – Errors and malfunction: In some special cases fatal errors can occur which block further functions. Please try again to contact the admin or the server admin.
  • 30. Always keep your eyes open
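
The match check from slides 7 and 8 and the bugfix-branch rule from slide 26, as an added Python example that is not part of the original slides. The installed versions of goof_fotoboek and ref_list, the fixed release 1.7.15 and all function names are constructed for illustration; versions are compared numerically so that 1.7.9 sorts below 1.7.14.

```python
import re

def parse_version(text):
    """Turn '1.7.14' into (1, 7, 14) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def affected(installed_version, constraint):
    """Check an installed version against an advisory bound such as '<= 1.7.14'."""
    match = re.fullmatch(r"\s*<=\s*([\d.]+)\s*", constraint)
    if not match:
        raise ValueError("unsupported constraint: %r" % constraint)
    return parse_version(installed_version) <= parse_version(match.group(1))

def triage_extensions(installed, advisories, fixed_in_ter):
    """Slides 7-8: match extension keys, then choose between update and deactivate."""
    actions = {}
    for key, version in installed.items():
        if key in advisories and affected(version, advisories[key]):
            if key in fixed_in_ter:
                actions[key] = "update to " + fixed_in_ter[key]
            else:
                # No newer version in the TER: switch the extension off instead.
                actions[key] = "deactivate in Ext Manager"
    return actions

def same_bugfix_branch(current, candidate):
    """Slide 26: stay on the same branch, e.g. 4.2.10 -> 4.2.11, never 4.2.x -> 4.3.x."""
    cur, new = parse_version(current), parse_version(candidate)
    return cur[:2] == new[:2] and new > cur

# Constructed sample data: what the Extension Manager lists as installed,
# the bounds from the security bulletin, and fixed releases found in the TER.
INSTALLED = {"content_help": "1.1.0", "kickstarter": "0.4.0",
             "goof_fotoboek": "1.7.9", "ref_list": "1.0.1"}
ADVISORIES = {"goof_fotoboek": "<= 1.7.14", "ref_list": "<= 1.0.1"}
FIXED_IN_TER = {"goof_fotoboek": "1.7.15"}  # hypothetical fixed release

if __name__ == "__main__":
    result = triage_extensions(INSTALLED, ADVISORIES, FIXED_IN_TER)
    for key, action in sorted(result.items()):
        print(key, "->", action)
    print("4.2.10 -> 4.2.11 allowed:", same_bugfix_branch("4.2.10", "4.2.11"))
    print("4.2.10 -> 4.3.1 allowed:", same_bugfix_branch("4.2.10", "4.3.1"))
```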