Task #34563

Story #26376: TER

Mark versions insecure

Added by Joern Bock over 3 years ago. Updated over 3 years ago.

Status:Resolved Start date:2012-03-06
Priority:Must have Due date:
Assigned To:Tolleiv Nietsch % Done:


Category:[FOR] TER
Target version:-


It is possible to mark a version of an extension as insecure. Unfortunately the checkbox is not saved after hitting the button "Update".

I remember this is caused by an extbase bug. But we need to fix that before launch.

Related issues

related to typo3.org and community tools - Task #34565: Display status of the version of an extension Resolved 2012-03-06


#1 Updated by Georg Ringer over 3 years ago

please also give the security team some days time to test those things properly before going live, thanks!

#2 Updated by HDNET over 3 years ago

  • Assigned To changed from Kai Vogel to HDNET

#3 Updated by Helmut Hummel over 3 years ago

The current implementation seems buggy. Kai fixed some things on the T3BORD but I don't know if that went into the SVN.

Additionally I wonder why extensions marked as insecure in the current TER, are still visible on preview:


We marked this extension insecure in february (see http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-003/) and the latest extension import seems to be from today, but t3extplorer is visible on preview.

#4 Updated by HDNET over 3 years ago

  • Status changed from New to Under Review
  • Assigned To changed from HDNET to Tolleiv Nietsch

We added Review->update to the FlexForm switchableControllerActions in Revision 59862 to the terfe Branch ter_fe2. (http://forge.typo3.org/projects/extension-terfe/repository/revisions/59862)
In addition there need to be some RealURL changes. We have informed Tolleiv about this. After updating the Plugin must be saved with the new FlexForm settings.

#5 Updated by Christian Zenker over 3 years ago

pushed changes to show the form only to TER admins in r2269.

Make sure to put the TER guys in the correct group "TER Admin" later on.

#6 Updated by Christian Zenker over 3 years ago

fixed on typo3.org

#7 Updated by Tolleiv Nietsch over 3 years ago

  • Status changed from Under Review to Resolved

I assume this works fine now.

#8 Updated by Helmut Hummel over 3 years ago

In fact it did not work until now. There still were problems with the TS configuration which I fixed in the SVN and on the live page now.

Besides that, it could not work because the login is forbidden on the TER FE pages, thus the review part never was shown.

Because of that I put the plugin on a protected page and enabled the login for that page.


Now it works, but is a bit inconvenient as realurl seems only to be configured for the original branch and the search somehow does not work.
We now have to figure out the correct parameters to show the extension we want.

To sum it up the original problem is solved, but I will open followup tickets to get the final things working.

Also available in: Atom PDF