[TYPO3-UG Russia] Fwd: [TYPO3-announce] TYPO3-PSA-2014-001: Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

[Michael Shigorin]

PS: почему-то ссылка на typo3-psa-2014-001 хочет логин,
это что за новости?

----- Forwarded message from TYPO3 Security Team <security/typo3.org> -----

Date: Fri, 31 Jan 2014 11:44:48 +0100
From: TYPO3 Security Team <security/typo3.org>
To: "TYPO3 Announcement List, readonly" <typo3-announce/lists.typo3.org>
Subject: [TYPO3-announce] TYPO3-PSA-2014-001: Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

Dear TYPO3 Community!

>From now on the TYPO3 Security Team will publish Public Service Announcements (PSA) on some security related topics around TYPO3 products. For details what they are, please read: 
http://typo3.org/news/article/security-public-service-announcements/


The first PSA is about security improvements (CSRF Protection) that will be included into TYPO3 CMS 6.2 and what steps can be taken to mitigate possible CSRF attacks in versions below 6.2:

http://typo3.org/teams/security/security-bulletins/psa/typo3-psa-2014-001/




In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
http://typo3.org/documentation/document-library/extension-manuals/doc_guide_security/current/

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/



Regards,

Helmut Hummel
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security/typo3.org

_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin / http://altlinux.org
  ------ http://opennet.ru / http://anna-news.info