[TYPO3-announce] Important Security-Bulletin Pre-Announcement

TYPO3 Security Team security at typo3.org
Fri May 20 11:12:10 CEST 2016

Dear TYPO3 users,

The TYPO3 security team has identified a critical security issue in the TYPO3 CMS Core.

All TYPO3 versions from 4.x to 8.1 are affected by this vulnerability.

Besides regular releases for supported branches (TYPO3 6.2.x, TYPO3 7.6.x, TYPO3 8.x), we will also provide patches for affected but unmaintained TYPO3 versions, because of the severity of this vulnerability.

Be prepared to update all your TYPO3 installations next Tuesday!

Please understand that we cannot provide any further information until the advisory has been published.

CVSS v2.0 data on the to be released advisory:

Base: AV:N/AC:M/Au:N/C:C/I:C/A:C (Score: 9.3)
Temporal: E:F/RL:O/RC:C (Score: 7.7)

Official Announcement: https://typo3.org/teams/security/security-bulletins/psa/typo3-psa-2016-002/

Kind Regards,

Helmut Hummel
Member of the TYPO3 Security Team

TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security at typo3.org

More information about the TYPO3-announce mailing list