From bf604daeec81bb58999d47914ca7bb76930e7e80 Mon Sep 17 00:00:00 2001
From: linawolf <112@linawolf.de>
Date: Thu, 16 Jun 2022 11:44:58 +0200
Subject: [PATCH] [DOCS] Document "Restrict export functionality"

Add changelog entry to https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 - Restrict export functionality to allowed users

Resolves: #97771
Releases: main, 11.5, 10.4
Change-Id: I98252b73aa5b14a8cfe5d26559711123e17ced15
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74977
Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
---
 ...trictExportFunctionalityToAllowedUsers.rst | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 typo3/sysext/core/Documentation/Changelog/10.4.x/Important-94951-RestrictExportFunctionalityToAllowedUsers.rst

diff --git a/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-94951-RestrictExportFunctionalityToAllowedUsers.rst b/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-94951-RestrictExportFunctionalityToAllowedUsers.rst
new file mode 100644
index 000000000000..eedbe719fe4c
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-94951-RestrictExportFunctionalityToAllowedUsers.rst
@@ -0,0 +1,53 @@
+.. include:: /Includes.rst.txt
+
+.. _important-94951-1655368664:
+
+===================================================================
+Important: #94951 - Restrict export functionality to allowed users
+===================================================================
+
+See :issue:`94951`
+
+.. important::
+    This change was introduced as part of the
+    `TYPO3 11.5.11 and 10.4.29 security release <https://typo3.org/security/advisory/typo3-core-sa-2022-001>`__.
+
+Description
+===========
+
+The export functionality has the following security drawbacks:
+
+*   Export for editors is not limited on field level
+*   The :guilabel:`Save to filename` functionality saves to a shared folder,
+    which other editors with different access rights may have access to.
+
+Both issues are not easy to resolve and also the target
+audience for the Import/Export functionality are mainly
+TYPO3 admins.
+
+Impact
+======
+
+The export functionality is restricted
+to TYPO3 admin users and to users, who explicitly have
+access through the new user TSConfig setting
+:typoscript:`options.impexp.enableExportForNonAdminUser`.
+
+Affected installations
+======================
+
+Installations with EXT:impexp installed where non-admin users need to use the
+export functionality.
+
+Migration
+=========
+
+If non-admin users should be able to use the export tool, set the
+following user TSconfig:
+
+.. code-block:: typoscript
+    :caption: EXT:my_sitepackage/Configuration/TSconfig/allusers.tsconfig
+
+    options.impexp.enableExportForNonAdminUser = 1
+
+.. index:: Backend, TSConfig, NotScanned, ext:impexp
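Review bot: The Migration section enables export through a file captioned allusers.tsconfig without saying that the two drawbacks listed under Description still apply to every user who receives the setting. Those drawbacks are that export is not limited on field level and that :guilabel:`Save to filename` writes to a shared folder. I would add a sentence there stating that the option should only be set for the users or groups that actually need the export tool, and that those users can then export fields they otherwise cannot access. Minor style point: the spelling alternates between "TSConfig" (Impact section, index line) and "TSconfig" (Migration section); pick one and use it throughout.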
-- 
GitLab