[SECURITY] Do not disclose encryptionKey via InstallTool
The encryptionKey is a secret that must never be sent within any request, therefore it is now dropped from the editing interface in "Configure Installation-Wide Options". Resolves: #103046 Releases: main, 13.0, 12.4, 11.5 Change-Id: I260a8a2e9af29908543dfe48ac3658d8c45cc440 Security-Bulletin: TYPO3-CORE-SA-2024-004 Security-References: CVE-2024-25119 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82948 Reviewed-by:Oliver Hader <oliver.hader@typo3.org> Tested-by:
Showing
- typo3/sysext/core/Classes/Configuration/ConfigurationManager.php 1 addition, 0 deletions...ysext/core/Classes/Configuration/ConfigurationManager.php
- typo3/sysext/core/Classes/Log/Writer/FileWriter.php 11 additions, 1 deletiontypo3/sysext/core/Classes/Log/Writer/FileWriter.php
- typo3/sysext/core/Configuration/DefaultConfiguration.php 0 additions, 1 deletiontypo3/sysext/core/Configuration/DefaultConfiguration.php
- typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml 0 additions, 3 deletions...t/core/Configuration/DefaultConfigurationDescription.yaml
- typo3/sysext/core/Tests/UnitDeprecated/TypoScript/Parser/TypoScriptParserTest.php 2 additions, 0 deletions...UnitDeprecated/TypoScript/Parser/TypoScriptParserTest.php
- typo3/sysext/extbase/Tests/UnitDeprecated/Mvc/Web/Routing/UriBuilderTest.php 7 additions, 0 deletions...e/Tests/UnitDeprecated/Mvc/Web/Routing/UriBuilderTest.php
Please register or sign in to comment