TYPO3 security updates

TYPO3 + Ext Updates 25 January 2010

Upload: alex-kellner

Post on 19-May-2015

Category:

Technology


DESCRIPTION

When should an administrator update a TYPO3 system?

TRANSCRIPT

Page 1: TYPO3 security updates

TYPO3 + Ext Updates

25 January 2010

Page 2: TYPO3 security updates

Index

Part I: Recognise critical problems

– In extensions

– In the TYPO3 core

Part II: Update process

– Extensions

– TYPO3 core

Page 3: TYPO3 security updates

Recognise critical problems

Be aware of TYPO3 core and extension updates which fix possible security problems

Subscribe to and read the security RSS feed: http://news.typo3.org/news/teams/security/rss.xml

Page 4: TYPO3 security updates

Part I:

Recognise critical problems

In TYPO3 extensions

Page 5: TYPO3 security updates

Recognise critical problems - Extensions

Page 6: TYPO3 security updates

Recognise critical problems - Extensions

Have a look at your extension list (which extensions are installed)

Note: Extension Manager is available for admins only

Page 7: TYPO3 security updates

Recognise critical problems - Extensions

Compare extension keys

Installed extensions in TYPO3 (Installed Extensions):

– Content_help 1.1.0

– wt_ttaddress_extend 0.0.0

– kickstarter 0.4.0

Extensions which have to be updated (Extensions with security fixes):

– mk_anydropdownmenu <= 0.3.28

– goof_fotoboek <= 1.7.14

– ref_list <= 1.0.1

Page 8: TYPO3 security updates

Recognise critical problems - Extensions

If you find a match

– Try to contact the admin (mail + phone)

– Check the installed version

– Read the security note

• What kind of security problem?

– Check severity

• Is there a new version available in the TER?

– Yes, so please update (see part II)

– No, deactivate the plugin in the Ext Manager (see part II)
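
Added example (not part of the original slides): the comparison and decision from the two slides above as a Python script. The advisory thresholds and the first three installed versions come from the slide; the installed ref_list 1.0.0 entry and the TER fix availability are constructed for illustration.

```python
# Added example: match installed extension versions against advisory thresholds.
# Thresholds and the first three installed rows are from the slide; the
# "ref_list 1.0.0" row and the "fixed in TER" versions are constructed.

def parse_version(text):
    """Turn '0.3.28' into (0, 3, 28) so that 0.3.28 > 0.3.9 compares correctly."""
    return tuple(int(part) for part in text.strip().split("."))

INSTALLED = {
    "Content_help": "1.1.0",
    "wt_ttaddress_extend": "0.0.0",
    "kickstarter": "0.4.0",
    "ref_list": "1.0.0",                     # constructed, to show a match
}

# extension key -> (highest affected version, fixed version in TER or None)
ADVISORIES = {
    "mk_anydropdownmenu": ("0.3.28", None),
    "goof_fotoboek": ("1.7.14", "1.7.15"),   # fixed version is constructed
    "ref_list": ("1.0.1", None),             # constructed: no fix in TER yet
}

def triage(installed, advisories):
    """Return {key: action} for every installed extension hit by an advisory."""
    findings = {}
    for key, version in installed.items():
        entry = advisories.get(key.lower())  # extension keys are compared lowercase
        if entry is None:
            continue                         # no advisory for this key
        max_affected, fixed = entry
        if parse_version(version) > parse_version(max_affected):
            continue                         # already newer than the affected range
        if fixed is not None:
            findings[key] = "update to " + fixed
        else:
            findings[key] = "deactivate in Ext Manager"
    return findings

if __name__ == "__main__":
    for key, action in triage(INSTALLED, ADVISORIES).items():
        print(key, INSTALLED[key], "->", action)
```

Comparing versions as integer tuples matters here: as plain strings, "0.3.9" would sort above "0.3.28" and an affected installation would be missed.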

Page 9: TYPO3 security updates

Part I:

Recognise critical problems

In the TYPO3 core

Page 10: TYPO3 security updates

Recognise critical problems – TYPO3 core

Page 11: TYPO3 security updates

Recognise critical problems – TYPO3 core

Is this an urgently needed update?

Update!

1) Severity: Critical

2) This seems to be a high-potential problem which could be exploited directly from the frontend.

3) Description of a possible hack of the CMS settings

Page 12: TYPO3 security updates

Recognise critical problems – TYPO3 core

Is this an urgently needed update?

Let the admin do this job

1) Severity: High

2) Problem description starts with „By using an OpenID identity…“. OpenID is not used in our installation at the moment

3) OpenID is disabled by default

Page 13: TYPO3 security updates

Recognise critical problems - Extensions

If there is a security problem which should be fixed immediately

– Try to contact the admin (mail + phone)

– Check the version of the currently used CMS

You can see the version after logging in to the backend

– Update TYPO3 (see part II)

Page 14: TYPO3 security updates

Part II:

Update process

Extensions

Page 15: TYPO3 security updates

Update process – Extensions – note

Pro: Extension updates are very easy to handle

Con: Extension updates can result mainly in frontend malfunctions

Note: You need backend admin access to make an update

Note: Please try to contact the admin before you make an update (via email and phone)

Page 16: TYPO3 security updates

Update process - Extensions – note

If there is no newer version available in the TER, please deactivate the extension in the Ext Manager by clicking the green icon

Page 17: TYPO3 security updates

Update process – Extensions – Backup

First of all, please make a backup of the existing extension in the Extension Manager

This results in a *.t3x file, which can be downloaded and stored on your hard drive

Page 18: TYPO3 security updates

Update process – Extensions – function test

Please make a short function test of the extension before you make an update

Example for the extension „powermail“: Test by filling out a form and sending it.

Page 19: TYPO3 security updates

Update process – Extensions – Update

1. Choose the Ext Manager

2. Choose Import extensions

3. Retrieve/Update (and wait a few seconds)

4. Search for an extension key

Page 20: TYPO3 security updates

Update process – Extensions – Update

Click update

And again update

Page 21: TYPO3 security updates

Update process – Extensions – function test II

Please make a short function test after the update, in both FE and BE!

Example for the extension „powermail“: Test by filling out a form and sending it.

Page 22: TYPO3 security updates

Update process – Extensions – Errors and malfunction

In some special cases errors can occur which block further functions

Please try again to contact the admin

Deactivate the updated extension (see first update note)

Page 23: TYPO3 security updates

Part II:

Update process

TYPO3 core

Page 24: TYPO3 security updates

Update process – TYPO3 core – note

Pro: Malfunctions are less frequent than with extension updates

Con: TYPO3 updates are not so easy to handle

Note: You need FTP access to the server

Note: Please try to contact the admin before you make an update (via email and phone)

Page 25: TYPO3 security updates

Update process – TYPO3 core – Backup

Connect with your FTP client (e.g. Filezilla) to the server and download (for a backup):

- Folder: typo3

- Folder: t3lib

- File: index.php

Page 26: TYPO3 security updates

Update process – TYPO3 core – Get a new core

1. Open the URL typo3.org

2. Click on download

3. Click on zip/tar.gz packages

4. Download Source ZIP (Keep bugfix version: e.g. 4.3.0 to 4.3.1 or 4.2.10 to 4.2.11)

5. Extract zip file

Page 27: TYPO3 security updates

Update process – TYPO3 core – Overwrite old core

Connect again with your FTP client (e.g. Filezilla) to the server and upload (completely overwrite):

- Folder: typo3

- Folder: t3lib

- File: index.php

Page 28: TYPO3 security updates

Update process – TYPO3 core – Function test

Please check the frontend functions

Login to the backend

Clear complete cache

Check backend functions

Check frontend functions again

Page 29: TYPO3 security updates

Update process – TYPO3 core – Errors and malfunction

In some special cases fatal errors can occur which block further functions

Please try again to contact the admin or the server admin

Page 30: TYPO3 security updates

Always keep your eyes open