-
Helmut Hummel authored
The typo3/ directory must currently be exposed in the web root for TYPO3 to work properly. Having the vendor dir with all composer dependencies in typo3/vendor however means, that these will also be exposed. This can be a security risk, which can be avoided by simply moving the vendor directory one level up. By doing so, a web directory which contains only two symlinks (typo3 and index.php) and no sources or link to the sources, will be protected from this risk. Resolves: #68918 Releases: master Change-Id: I5e504520102f94c81897945b41043d930cfc5b5f Reviewed-on: http://review.typo3.org/42495 Reviewed-by:
Mathias Brodala <mbrodala@pagemachine.de> Tested-by:
Stefan Neufeind <typo3.neufeind@speedpartner.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
554653e5
