TYPO3 Patch Collection

This project aims to collect and to provide at first place security patches for TYPO3 versions where the official support has ended. However, you may also find here in some rare cases non-security patches that may fix certain bugs or may introduce a backported feature from a newer TYPO3 Version.

Although some of these patches were directly published by the TYPO3 developer team, other patches might come from community members and the functionality, quality or security impact couldn't be tested in every aspect.

These patches are distributed in the hope that they will be useful, but WITHOUT ANY WARRANTY!

If you still have a website running a version of TYPO3 that reached End-of-Life (EOL) then you are strongly encouraged to upgrade to an actively maintained Long Term Support (LTS) version of TYPO3!

=======

Patch Index

4.3 - EOL: October, 2011

• TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5

  • 4.3/cve-2015-2047.diff

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 4.3/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 4.3/cve-2016-5091.diff

• Add PHP-FPM support to TYPO3 4.3 (Non-Security - Community-Patch)

  • 4.3/typo3_php-fpm_4-3.diff

4.4 - EOL: April, 2012

• TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5

  • 4.4/cve-2015-2047.diff

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 4.4/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 4.4/cve-2016-5091.diff

4.5 LTS - EOL: April, 2015

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 4.5/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 4.5/cve-2016-5091.diff

• Use push parser instead of pull parser on fetching extension list (Non-Security - Community-Patch)

  • 4.5/75721.diff

4.6 - EOL: April, 2013

• TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS

  • 4.6/cve-2013-4701.diff
  • 4.6/59573_4-6.diff

• TYPO3-CORE-SA-2014-003: Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS

  • 4.6/cve-2014-9508.diff

• TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5

  • 4.6/cve-2015-2047.diff

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 4.6/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 4.6/cve-2016-5091.diff

• Use push parser instead of pull parser on fetching extension list (Non-Security - Community-Patch)

  • 4.6/75721.diff

4.7 - EOL: October, 2014

• TYPO3-CORE-SA-2014-003: Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS

  • 4.7/cve-2014-9508.diff

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 4.7/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 4.7/cve-2016-5091.diff

• Use push parser instead of pull parser on fetching extension list (Non-Security - Community-Patch)

  • 4.7/75721.diff

6.0 - EOL: April, 2014

• TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS

  • 6.0/cve-2013-4701.diff
  • 6.0/59573_4-6.diff

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 6.0/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 6.0/cve-2016-5091.diff

• Use push parser instead of pull parser on fetching extension list (Non-Security - Community-Patch)

  • 6.0/75721.diff

6.1 - EOL: October, 2014

• TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting (Security - Community Patch)

  • 6.1/cve-2015-5956.diff

• TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS

  • 6.1/cve-2016-5091.diff

• Use push parser instead of pull parser on fetching extension list (Non-Security - Community-Patch)

  • 6.1/75721.diff