[TYPO3-announce] [Ticket#2010100510000014] Important Security-Bulletin Pre-Announcement

TYPO3 Security Team security at typo3.org
Tue Oct 5 10:37:55 CEST 2010

Dear users of TYPO3,

The TYPO3 security team has identified a critical security issue in the TYPO3

We will release new packages for TYPO3 4.2, 4.3 and 4.4 together with a
security bulletin on
http://typo3.org on Wednesday, October 6 at 11:00 am CEST (9:00 am GMT).

The critical security issue also affects TYPO3 versions that are no longer
officially supported.
The TYPO3 security team will provide mitigation advices for users of outdated
TYPO3 versions but would like to encourage users to upgrade to officially
supported ones though. An overview of officially supported TYPO3 versions can
be found at http://typo3.org/download/packages/

Since this is a very important security fix, please be prepared to update your
TYPO3 installations on Wednesday.

Until the advisory is out, please understand that we cannot provide any
further information.

CVSS v2.0 data:
Base AV:N/AC:H/Au:N/C:C/I:P/A:C | Temporal E:F/RL:OF/RC:C


Marcus Krause
Member of the TYPO3 Security Team

TYPO3 Security Team homepage: [1]http://typo3.org/teams/security/

E-Mail: security at typo3.org

Please note: When replying to this e-mail, please leave the header intact.

[1] http://typo3.org/teams/security/

More information about the TYPO3-announce mailing list