Upload
alex-kellner
View
1.547
Download
1
Tags:
Embed Size (px)
DESCRIPTION
When should an administrator update a TYPO3 system?
Citation preview
TYPO3 + Ext Updates
25 January 2010
Index
Part IRecognise critical problems
– In extensions
– In the TYPO3 core
Part IIUpdate process- Extensions- TYPO3 core
Recognise critical problems
Be aware of TYPO3 core and extension updateswhich are solving possible security problems
Subscribe and read security RSS feedhttp://news.typo3.org/news/teams/security/rss.xml
Part I:
Recognise critical problems
In TYPO3 extensions
Recognise critical problems - Extensions
Have a look into your extension list(which extensions are installed)
Recognise critical problems - Extensions
Note: Extension Manager is available for admins only
Recognise critical problems - Extensions
Compare extension Keys
Installed extensions in TYPO3 Extensions which have to be updated
Installed Extensions
Content_help 1.1.0
wt_ttaddress_extend
0.0.0
kickstarter 0.4.0
…
Extensions with sec fixes
mk_anydropdownmenu
<= 0.3.28
goof_fotoboek <= 1.7.14
ref_list <= 1.0.1
…
Recognise critical problems - Extensions
If you found a match
– Even try to contact the admin (mail + phone)
– Check the installed version
– Read the security note
• What kind of security problem?• What kind of security problem?
– Check severity
• Is there a new version available in the TER?
– Yes, so please update (see part II)
– No, deactivate Plugin in Ext Manager (see part II)
Part I:
Recognise critical problems
In the TYPO3 core
Recognise critical problems – TYPO3 core
Recognise critical problems – TYPO3 core
Is this an urgent needed update?
Update!
1) Severity: Critical
2) This seems to be a high potencialproblem with could be exploit directlyfrom the Frontend.
3) Description of a possible hack of theCMS settings
Recognise critical problems – TYPO3 core
Is this an urgent needed update?
Let the admin do this job
1) Severity: High
2) Problem description starts with„By using an OpenID identity…“OpenID is not used in our installation atthe moment
3) Openid is disabeld by default
Recognise critical problems - Extensions
If there is a security which should be fixedimmediatly
– Even try to contact the admin (mail + phone)
– Check the version of the currently used CMS
You will see the version with a backend login
– Update TYPO3 (see part II)
Part II:
Update process
Extensions
Update process – Extensions – note
Pro: Extension updates are very easy to handle
Con: Extension updates can mainly results in Frontend malfunctions
Note: You need a Backend admin access to makeNote: You need a Backend admin access to makean update
Note: Please try to contact the admin before youare going to make an update (via email andphone)
Update process - Extensions – note
If there is no newer version available in the TER, please deactivate the extension in the Ext Manager by clicking the green icon
Update process – Extensions – Backup
First of all, please make a backup of the existingextension in the extension manager
This results in a *.t3x file, which can bedownloaded and stored on your harddrive
Update process – Extensions – function test
Please make a short function test of the extensionbefore you‘re going to make an update
Example for theextension„powermail“:Make a test withMake a test withfilling out a form and send it.
Update process – Extensions – Update
1. Choose theExt Manager
2. ChooseImport extensions
3. Retriefe/Update(and wait some seconds)
4. Search for an extension key
Update process – Extensions – Update
Click update
And again update
Update process – Extensions – function test II
Please make a short function test after theupdate FE and BE!
Example for theextension„powermail“:Make a test withMake a test withfilling out a form and send it.
Update process – Extensions – Errors and malfunction
In some special cases there could happen someerrors which are blockating further functions
Please retry to contact the admin
Deactivate the updated extensionDeactivate the updated extension(see first update note)
Part II:
Update process
TYPO3 core
Update process – TYPO3 core – note
Pro: Malfunctions are not so often like in extension updates
Con: TYPO3 updates are not so easy to handle
Note: You need a FTP access to the serverNote: You need a FTP access to the server
Note: Please try to contact the admin before youare going to make an update (via email and phone)
Update process – TYPO3 core – Backup
Connect with your FTP client (e.g. Filezilla) to theserver and download (for a backup): - Folder: typo3- Folder: t3lib- File: index.php
Update process – TYPO3 core – Get a new core
1. Open the URL typo3.org
3. Click on zip/tar.gz packages
2. click on download
4. Download Source ZIP(Keep bugfix version:e.g. 4.3.0 to 4.3.1or 4.2.10 to 4.2.11)
5. Extract zip file
Update process – TYPO3 core – Overwrite old core
Connect again with your FTP client (e.g. Filezilla) to the server and upload (completely overwrite): - Folder: typo3- Folder: t3lib- File: index.php
Update process – TYPO3 core – Function test
Please check the frontend functions
Login to the backend
Clear complete cache
Check backend functions
Check frontend functions again
Update process – TYPO3 core – Errors and malfunction
In some special cases there could happen somefatal errors which are blockating further functions
Please retry to contact the admin or the serveradmin
Always keep your eyes open