[TYPO3-dev] [TYPO3-announce] Important Security-Bulletin Pre-Announcement
pcworld
0188801 at googlemail.com
Mon May 23 01:43:46 CEST 2016
Will you provide simple diffs for the security fix?
On some systems I am still on older versions of 6.2 (the
security-related fixes released in the meantime didn't affect me) and
would prefer to just apply a simple patch instead of upgrading to the
latest release of TYPO3 6.2, as some updates contain breaking changes as
far as I remember.
On 20.05.2016 11:12, TYPO3 Security Team wrote:
> Dear TYPO3 users,
>
> The TYPO3 security team has identified a critical security issue in the TYPO3 CMS Core.
>
> All TYPO3 versions from 4.x to 8.1 are affected by this vulnerability.
>
> Besides regular releases for supported branches (TYPO3 6.2.x, TYPO3 7.6.x, TYPO3 8.x), we will also provide patches for affected but unmaintained TYPO3 versions, because of the severity of this vulnerability.
>
> Be prepared to update all your TYPO3 installations next Tuesday!
>
> Please understand that we cannot provide any further information until the advisory has been published.
>
>
> CVSS v2.0 data on the to be released advisory:
>
> Base: AV:N/AC:M/Au:N/C:C/I:C/A:C (Score: 9.3)
> Temporal: E:F/RL:O/RC:C (Score: 7.7)
>
>
> Official Announcement: https://typo3.org/teams/security/security-bulletins/psa/typo3-psa-2016-002/
>
> Kind Regards,
>
> Helmut Hummel
> Member of the TYPO3 Security Team
>
>
More information about the TYPO3-dev
mailing list