Posts tagged "typo3"

Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

In TYPO3 CMS, protection against CSRF has been implemented for many important actions (like creating, editing or deleting records) but is still missing in other places (like Extension Manager, file upload, configuration module). The upcoming 6.2 LTS version will finally close this gap and will protect editors and administrators from this kind of attack. Since this kind of security improvement cannot be done without potentially breaking third-party extensions, this additional security feature will only be part of TYPO3 CMS 6.2 and will not be backported to older versions.

Solution: Since user action is always involved in this attack technique, the risk can be mitigated greatly by not using the default web browser to log into a TYPO3 Backend and by always logging out once the work is finished.

TYPO3 code sprint for beta5

As a result of the work at the code sprint last weekend, beta5 of TYPO3 CMS 6.2 LTS was released. The most notable changes were made in these areas:

  • More Performance!
  • Package Management improvements
  • File Abstraction Layer: enhancements in the API and Drag&Drop uploader
  • Cleanups in css_styled_content
  • The deprecation log is by default turned off. TYPO3 is shipped in "Production Mode".
  • Updated RequireJS and JQuery
  • Workspaces functional test cases
  • Template Analyser fixes

 


Alert: What's Coming for Open Source CMS in February 2011

dotCMS

The folks at dotCMS plan to release version 1.9.2 in February, marking the second major release in the 1.9 series. New features include:

  • Inline editing
  • A host dashboard, displaying site trends and usage statistics for site owners and marketers
  • An activity stream reporter, showing users' usage and activity
  • Cache tags for web developers to statically cache arbitrary blocks of templates, containers, pages or content code for increased performance
  • A new auto-updater for system upgrades
  • An Italian language translation

In addition to these new features, one of the more extensive additions revolves around image editing. Content creators get the ability to edit images within dotCMS, with options such as resizing, cropping, rotating, adjusting hue, saturation, brightness and colors, and saving out different image types. Content editors get a clipboard where they can create edited versions of images (called renditions), select which one they want to use and then paste it into content.

Some existing features also got improvements in addition to the various bug fixes and performance improvements:

  • All images and icons from the backend are now rendered as sprites, using just 2 images, to improve performance
  • Recurring events are now stored individually in the system so a particular instance can be edited separately
  • The ability to import content with the content identifier as the primary key

DotNetNuke

In January, DotNetNuke Corp. introduced support for two new Microsoft products: WebMatrix and Razor. WebMatrix integration offers a development environment suitable for those with little technical experience building DotNetNuke sites, and Razor integration makes it easier for technical users to build DotNetNuke extensions.

DotNetNuke was also selected as part of Microsoft's Technology Adoption Program (TAP) for Windows Azure, and provided training materials for the Microsoft Web Camps program. Finally, the company named Bob Cortale as the Senior Vice President of Sales. Cortale will be responsible for building, developing and managing their global sales force and product support organization.

Drupal

In January, the Drupal project finished this little release called Drupal 7. If you want some insight on where Drupal's headed next, check out project founder and leader Dries Buytaert's blog.

Drupal company Acquia added file system reliability and performance enhancements to their Acquia Hosting product, and support for custom Varnish page caching configurations for those using dedicated load balancers. They also made a number of additions to Drupal Gardens, including:

  • Basic right to left support for their themes, for those using languages such as Hebrew and Arabic
  • The ability to bulk delete gallery items
  • Enhancements to Drupal 7's editor usability
  • Performance enhancements to the ThemeBuilder

Acquia also released Drupal Commons 1.3 beta. New items for this release include:

  • User badges as community participation rewards, with various ranks and icons
  • Usability improvements, decluttering some pages and increasing customizability of others
  • New default graphics
  • Breaking the commons apart further to allow more granular feature customization
  • Improved multilingual support for global organizations

With this release, the Drupal Commons project transitioned to GitHub, allowing other developers to have access to the repository for both grabbing the code and submitting enhancements. GA release of Drupal Commons is expected within February.

Ephesoft

In January, Ephesoft announced that Zia Consulting became the first system integrator to deploy Ephesoft's Intelligent Document Capture System to the Amazon cloud. The company also opened its EU headquarters in Maidenhead, UK, to work with its European partners.

The month also brought new features such as out-of-the-box reporting for Windows-based platforms through Ephesoft's thin client, which is built on Google Web Tools. Reports give insight into operator productivity and the system throughput, and partners can extend the reporting module using other reporting tools.

In February, Ephesoft continues working on a Linux version of their Intelligent Document Capture System, which will include another open source project, Tesseract v3.0 for its OCR engine. They anticipate that it will be available within the next two months.

Hippo CMS

In January, the folks at Hippo CMS released Hippo CMS 7.5. This version brings new features such as:

  • A Template Composer that lets the end user change the page template layout within the site
  • Support for multiple translations of documents and folders
  • Support for Jackrabbit 2.1
  • An HST REST engine
  • An HST JAAS Login Module and Form-based Login Servlet support
  • Cross-domain and channel-aware linking, even across hosts
  • Multi-domain, multi-site, and multi-channel HST configuration
  • Support for Freemarker templates
  • Locale support per (sub)site

Thanks to partner Finalist, Hippo CMS now integrates with Liferay, donating the integration code to the Hippo open source community. Hippo has also announced a partnership with Smile, a major French integrator of open source solutions.

Joomla!

In January, the Joomla! project released Joomla 1.6. New features include:

  • Advanced Access Control Lists
  • Nested categories
  • Template styles
  • Administrator UI improvements
  • New multi-language support
  • SEO improvements
  • Built-in 301 redirect system
  • Improved framework

There's a migration guide for those who have concerns about upgrading. This release was considered part of the Microsoft CodeMash, and the project held JoomlaDay Chile 2011 with nearly 500 attendees.

In February, the focus turns toward updating Joomla extensions and templates, and the Joomla core team is preparing for the next release, codenamed Bowerbird. In the meantime, the Joomla 1.6 release parties continue until February 7. There's a Joomla! Night coming on February 4 in Stockholm, Sweden, featuring the theme "Joomla: At the edge of innovation." The next day is a Nooku code jam, where Nooku is Joomla's development framework. Finally, there's a Joomla!Day coming in the Netherlands on April 2 - 3.