[TYPO3-dev] [Fwd: [TYPO3-announce] Announcing TYPO3 4.0.12, 4.1.10 and 4.2.6]
Steffen Müller
typo3 at t3node.com
Tue Feb 10 18:53:59 CET 2009
Hi.
On 10.02.2009 17:56 Martin Kutschker wrote:
>
> It only makes the little brats curious and could have been written in a
> more general tone. eg "with the exploit you can retrieve vital
> configuration files. With this files and well known methods the attacker
> can gain administration access to your site. If the server is not
> properly configured the attacker may even gain enough knowledge to steal
> all your databases or break into your system."
>
On the other hand, saying: "Dear Users, critical security threat, please
update soon. Full stop." simply does not make the situation as clear as
"exploit will hurt your system bad, because..." does.
+1 for full disclosure
--
cheers,
Steffen
http://www.t3node.com/
More information about the TYPO3-dev
mailing list