25 January 2010


TYPO3 + Ext Updates
Index




    Part I
    Recognise critical problems
    – In extensions
    – In the TYPO3 core

    Part II
    Update p...
Recognise critical problems


     Be aware of TYPO3 core and extension updates
     which are solving possible security p...
Part I:

Recognise critical problems
      In TYPO3 extensions
Recognise critical problems - Extensions
Recognise critical problems - Extensions

     Have a look into your extension list
     (which extensions are installed)
...
Recognise critical problems - Extensions

     Compare extension Keys
Installed extensions in TYPO3              Extension...
Recognise critical problems - Extensions




    If you found a match
    – Even try to contact the admin (mail + phone)
 ...
Part I:

Recognise critical problems
       In the TYPO3 core
Recognise critical problems – TYPO3 core
Recognise critical problems – TYPO3 core

    Is this an urgent needed update?

                                     Updat...
Recognise critical problems – TYPO3 core

    Is this an urgent needed update?

                                     Let t...
Recognise critical problems - Extensions




    If there is a security which should be fixed
    immediatly
    – Even tr...
Part II:

Update process
   Extensions
Update process – Extensions – note



    Pro: Extension updates are very easy to handle

    Con: Extension updates can m...
Update process - Extensions – note

    If there is no newer version available in the TER,
    please deactivate the exten...
Update process – Extensions – Backup




    First of all, please make a backup of the existing
    extension in the exten...
Update process – Extensions – function test


     Please make a short function test of the extension
     before you‘re g...
Update process – Extensions – Update
                                       1. Choose the
                                ...
Update process – Extensions – Update


                                       Click update




                           ...
Update process – Extensions – function test II

     Please make a short function test after the
     update FE and BE!

 ...
Update process – Extensions – Errors and malfunction




    In some special cases there could happen some
    errors whic...
Part II:

Update process
   TYPO3 core
Update process – TYPO3 core – note



    Pro: Malfunctions are not so often like in
    extension updates

    Con: TYPO3...
Update process – TYPO3 core – Backup


    Connect with your FTP client (e.g. Filezilla) to the
    server and download (f...
Update process – TYPO3 core – Get a new core

                                               1. Open the URL
             ...
Update process – TYPO3 core – Overwrite old core


    Connect again with your FTP client (e.g. Filezilla)
    to the serv...
Update process – TYPO3 core – Function test




    Please check the frontend functions

    Login to the backend

    Cle...
Update process – TYPO3 core – Errors and malfunction




    In some special cases there could happen some
    fatal error...
Always keep your eyes open
Upcoming SlideShare
Loading in …5
×

TYPO3 security updates

2,047 views

Published on

When should an administrator update a TYPO3 system?

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,047
On SlideShare
0
From Embeds
0
Number of Embeds
64
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

TYPO3 security updates

  1. 1. 25 January 2010 TYPO3 + Ext Updates
  2. 2. Index Part I Recognise critical problems – In extensions – In the TYPO3 core Part II Update process - Extensions - TYPO3 core
  3. 3. Recognise critical problems Be aware of TYPO3 core and extension updates which are solving possible security problems Subscribe and read security RSS feed http://news.typo3.org/news/teams/security/rss.xml
  4. 4. Part I: Recognise critical problems In TYPO3 extensions
  5. 5. Recognise critical problems - Extensions
  6. 6. Recognise critical problems - Extensions Have a look into your extension list (which extensions are installed) Note: Extension Manager is available for admins only
  7. 7. Recognise critical problems - Extensions Compare extension Keys Installed extensions in TYPO3 Extensions which have to be updated Installed Extensions Extensions with sec fixes Content_help 1.1.0 mk_anydropd <= 0.3.28 wt_ttaddress_ 0.0.0 ownmenu extend goof_fotoboek <= 1.7.14 kickstarter 0.4.0 ref_list <= 1.0.1 … …
  8. 8. Recognise critical problems - Extensions If you found a match – Even try to contact the admin (mail + phone) – Check the installed version – Read the security note • What kind of security problem? – Check severity • Is there a new version available in the TER? – Yes, so please update (see part II) – No, deactivate Plugin in Ext Manager (see part II)
  9. 9. Part I: Recognise critical problems In the TYPO3 core
  10. 10. Recognise critical problems – TYPO3 core
  11. 11. Recognise critical problems – TYPO3 core Is this an urgent needed update? Update! 1) Severity: Critical 2) This seems to be a high potencial problem with could be exploit directly from the Frontend. 3) Description of a possible hack of the CMS settings
  12. 12. Recognise critical problems – TYPO3 core Is this an urgent needed update? Let the admin do this job 1) Severity: High 2) Problem description starts with „By using an OpenID identity…“ OpenID is not used in our installation at the moment 3) Openid is disabeld by default
  13. 13. Recognise critical problems - Extensions If there is a security which should be fixed immediatly – Even try to contact the admin (mail + phone) – Check the version of the currently used CMS You will see the version with a backend login – Update TYPO3 (see part II)
  14. 14. Part II: Update process Extensions
  15. 15. Update process – Extensions – note Pro: Extension updates are very easy to handle Con: Extension updates can mainly results in Frontend malfunctions Note: You need a Backend admin access to make an update Note: Please try to contact the admin before you are going to make an update (via email and phone)
  16. 16. Update process - Extensions – note If there is no newer version available in the TER, please deactivate the extension in the Ext Manager by clicking the green icon
  17. 17. Update process – Extensions – Backup First of all, please make a backup of the existing extension in the extension manager This results in a *.t3x file, which can be downloaded and stored on your harddrive
  18. 18. Update process – Extensions – function test Please make a short function test of the extension before you‘re going to make an update Example for the extension „powermail“: Make a test with filling out a form and send it.
  19. 19. Update process – Extensions – Update 1. Choose the Ext Manager 2. Choose Import extensions 3. Retriefe/Update (and wait some seconds) 4. Search for an extension key
  20. 20. Update process – Extensions – Update Click update And again update
  21. 21. Update process – Extensions – function test II Please make a short function test after the update FE and BE! Example for the extension „powermail“: Make a test with filling out a form and send it.
  22. 22. Update process – Extensions – Errors and malfunction In some special cases there could happen some errors which are blockating further functions Please retry to contact the admin Deactivate the updated extension (see first update note)
  23. 23. Part II: Update process TYPO3 core
  24. 24. Update process – TYPO3 core – note Pro: Malfunctions are not so often like in extension updates Con: TYPO3 updates are not so easy to handle Note: You need a FTP access to the server Note: Please try to contact the admin before you are going to make an update (via email and phone)
  25. 25. Update process – TYPO3 core – Backup Connect with your FTP client (e.g. Filezilla) to the server and download (for a backup): - Folder: typo3 - Folder: t3lib - File: index.php
  26. 26. Update process – TYPO3 core – Get a new core 1. Open the URL typo3.org 2. click on download 3. Click on zip/tar.gz packages 4. Download Source ZIP (Keep bugfix version: e.g. 4.3.0 to 4.3.1 or 4.2.10 to 4.2.11) 5. Extract zip file
  27. 27. Update process – TYPO3 core – Overwrite old core Connect again with your FTP client (e.g. Filezilla) to the server and upload (completely overwrite): - Folder: typo3 - Folder: t3lib - File: index.php
  28. 28. Update process – TYPO3 core – Function test Please check the frontend functions Login to the backend Clear complete cache Check backend functions Check frontend functions again
  29. 29. Update process – TYPO3 core – Errors and malfunction In some special cases there could happen some fatal errors which are blockating further functions Please retry to contact the admin or the server admin
  30. 30. Always keep your eyes open

×