security message after upgrade to 9.5.17

梦谈多话 2021-02-02 00:23

After upgrading to 9.5.17 I get in the reports the following security messages:

Server Response on static files:

www.mydomain.de/typo3temp/assets/43cd7

5 answers
  •  醉话见心
    2021-02-02 00:53

    The error messages you are receiving are part of a security feature that has been integrated into recent TYPO3 v9.5.17 and v10.4.2 releases, see https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html

    Basically it means that your current server system

    • is evaluating files like test.php.txt (.php not at the end of the filename) still as PHP content - this can cause a security vulnerability in case somebody manages to upload a similar file (which might be considered as text/plain file, but is actually executable PHP code)
      • potentially remote code execution
    • is serving files like test.html.wrong (.html not at the end of the filename) still as text/html which triggers the browser to execute HTML tags and potential dangerous
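
The two cases in the answer above can be checked from the outside by looking at how the server responds to probe files with misleading extensions. The following is an added example, not part of the original answer and not TYPO3's own code; the probe contents, the `probe-ok` marker, the function names and the sample responses are assumptions constructed for illustration.

```python
from urllib.error import HTTPError
from urllib.request import urlopen

# Constructed probe contents (assumption): executed PHP prints "probe-ok",
# while a server that serves the file raw returns the "<?php" source itself.
PROBES = {
    "test.php.txt": '<?php echo "probe-" . "ok";',
    "test.html.wrong": "<!DOCTYPE html><title>probe</title>",
}

def media_type(content_type):
    """Bare media type of a Content-Type header value, lowercased."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def classify(name, content_type, body):
    """Findings for one probe response, following the two cases in the answer."""
    inner = name.lower().split(".")[1:-1]   # extensions that are not the last one
    findings = []
    if "php" in inner and "probe-ok" in body and "<?php" not in body:
        findings.append("executed-as-php")
    if "html" in inner and media_type(content_type) == "text/html":
        findings.append("served-as-text/html")
    return findings

def fetch(base_url, name):
    """Fetch one probe from a site you administer: (content_type, body)."""
    try:
        with urlopen(f"{base_url.rstrip('/')}/{name}", timeout=10) as resp:
            return resp.headers.get("Content-Type"), resp.read().decode("utf-8", "replace")
    except HTTPError as err:   # e.g. 403/404: the probe was not served at all
        return err.headers.get("Content-Type"), ""

def report(responses):
    """Map probe name -> findings for a dict of name -> (content_type, body)."""
    return {n: classify(n, ctype, body) for n, (ctype, body) in responses.items()}

# Constructed sample responses (not captured from a real server).
MISCONFIGURED = {
    "test.php.txt": ("text/html; charset=UTF-8", "probe-ok"),
    "test.html.wrong": ("text/html", PROBES["test.html.wrong"]),
}
CORRECTED = {
    "test.php.txt": ("text/plain", PROBES["test.php.txt"]),
    "test.html.wrong": (None, PROBES["test.html.wrong"]),
}

if __name__ == "__main__":
    for label, sample in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(label, report(sample))
```

An empty findings list for both probes means the server treats only the final extension as significant for these two file types.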