Project

General

Profile

Actions

Bug #68918

closed

Move vendor/ directory out of typo3/

Added by Helmut Hummel over 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
composer
Target version:
-
Start date:
2015-08-11
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The typo3/ directory must currently be exposed in the web root for TYPO3 to work properly.
Having the vendor dir with all composer dependencies in typo3/vendor however means, that
these will also be exposed. This can be a security risk, which can be avoided by simply
moving the vendor directory one level up.

By doing so, a web directory which contains only two symlinks (typo3 and index.php) and no
sources or link to the sources, will be protected from this risk.


Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #68885: Move composer vendor directory out of typo3 folderClosedHelmut Hummel2015-08-09

Actions
Actions #1

Updated by Gerrit Code Review over 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42495

Actions #2

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42495

Actions #3

Updated by Helmut Hummel over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #4

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF