Mon. 14th November, 2005
The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set, this will create a backup copy and append a "~" to the original file name. This leads to file names that may be delivered as text files by a web server. Thus, sensitive information (e.g. the content of localconf.php) may be disclosed.
This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-security-bulletin-29/