Project

General

Profile

Actions
Copy link

Bug #68918

closed

Move vendor/ directory out of typo3/

Added by Helmut Hummel over 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Helmut Hummel
Category:
composer
Target version:
-
Start date:
2015-08-11
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The typo3/ directory must currently be exposed in the web root for TYPO3 to work properly.
Having the vendor dir with all composer dependencies in typo3/vendor however means, that
these will also be exposed. This can be a security risk, which can be avoided by simply
moving the vendor directory one level up.

By doing so, a web directory which contains only two symlinks (typo3 and index.php) and no
sources or link to the sources, will be protected from this risk.

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #68885: Move composer vendor directory out of typo3 folderClosedHelmut Hummel2015-08-09

Actions
Actions
Copy link

Also available in: Atom PDF