Helmut Hummel

has signed the Contributor License Agreement


  • Registered on: 2008-02-08
  • Last connection: 2015-11-20



Reported issues: 646


23:05 Core Task #70214: rsaauth should not send hashed password hash to formengine
can safely be handled in public tracker
23:05 Core Task #70214 (Closed): rsaauth should not send hashed password hash to formengine
closed as duplicate


16:01 Core Bug #70700 (Resolved): Improve resolving path to autoload.php
Applied in changeset commit:a1c96ef2f3e4bf67377d7815ee9d186666952b08.
15:52 Core Revision a1c96ef2: [BUGFIX] Improve resolving path to autoload.php
The patch improves the resolving of autoload.php for
frontend requests in order to support Windows systems
with symli...
14:00 Core Bug #58816 (Resolved): Response Splitting Vulnerability
Applied in changeset commit:49ffef2579a7814c75415b31fbce4421849169f8.
13:58 Core Revision 49ffef25: [TASK] Disallow multi-line HTTP headers
PHP removed the support for this deprecated HTTP specification
in recent versions of PHP, thus we should remove these...
12:17 Core Bug #71760: Possible insecure unserialize exploitation in UploadExtensionFileController
This is not about a currently exploitable security issue, but a precaution in case e.g. extensions introduce a insecu...


22:27 Core Feature #21779 (Closed): Integrate OWASP ESAPI for PHP
We will apply these step by step. No need to keep this meta ticket around
17:38 Core Feature #71739 (Accepted): Security Improvement: (salted) hash session id before storing in the d...
To make it harder to exploit read SQL injections, session id should not be stored in "clear text"
Besides that all...
10:23 Core Bug #71692: Fluid does not encode objects that act as string (have the __toString method)
We should keep it like that as changing it would be breaking and we will include standalone Fluid in TYPO3 8 anyway w...

Also available in: Atom