[TYPO3-announce] Important Security-Bulletin Pre-Announcement

TYPO3 Security Team security at typo3.org
Tue Feb 17 12:34:11 CET 2015

Dear TYPO3 users,

The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core.

The following branches are affected by the vulnerability:
* TYPO3 4.3
* TYPO3 4.4
* TYPO3 4.5
* TYPO3 4.6

Only TYPO3 installations which use the frontend login functionality are affected by this vulnerability.
Newer TYPO3 versions (4.7.0 or higher) are *NOT* affected!

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, 
Thursday 19th of February at about 10:00 am CET.

If possible, we will provide patches for not supported releases.

Since this is a very important security fix, please be prepared to update your
TYPO3 installations on Thursday.

Until the advisory is out, please understand that we cannot provide any further

CVSS v2.0 data on the to be released bulletin:
Base AV:N/AC:L/Au:N/C:P/I:P/A:N | Temporal E:F/RL:O/RC:C


Helmut Hummel
Member of the TYPO3 Security Team

TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security at typo3.org

More information about the TYPO3-announce mailing list