[TYPO3] Address-hounters, this is interesting for you: feevcal.. (and all the others: better fix this..)
Tim Wentzlau
tim.wentzlau at auxilior.com
Wed Jul 12 22:37:54 CEST 2006
hi Sabine
I actually think that the possibility of revealing information about FE
users that is considered confidential is a security issue.
As a general rule security issues should not be published to any of the
T3 news lists but addressed the T3 security team. The Security team then
contracts the author of the insecure extension with a request and help
to fix the problem. After a solution is found, implemented and released
a public announcement is made about the security issue.
Announcing security issues as you do may put the entire T3 community at
risk of getting exploited before a solution is found.
I will strongly advice the users of feevcal to disable the extension
until a solution is found. Please contract the Author and the T3
security team.
Tim
More information about the TYPO3-english
mailing list