[TYPO3] Address-hounters, this is interesting for you: feevcal.. (and all the others: better fix this..)

Tim Wentzlau tim.wentzlau at auxilior.com
Wed Jul 12 22:37:54 CEST 2006

hi Sabine

I actually think that the possibility of revealing information about FE 
users that is considered confidential is a security issue.

As a general rule security issues should not be published to any of the 
T3 news lists but addressed the T3 security team. The Security team then 
contracts the author of the insecure extension with a request and help 
to fix the problem. After a solution is found, implemented and released 
a public announcement is made about the security issue.

Announcing security issues as you do may put the entire T3 community at 
risk of getting exploited before a solution is found.

I will strongly advice the users of feevcal to disable the extension 
until a solution is found. Please contract the Author and the T3 
security team.


More information about the TYPO3-english mailing list