Login / Status
developer.Resource
Home . Teams . Security
Sponsors
hosted by punkt.deTYPO3 and Open Source Magazine

Security in TYPO3

Security is taken very seriously by the developers of TYPO3. The visible part of that concern is the TYPO3 Security Team, whose team page you are viewing right now.

And it seems they are doing a good job. As TYPO3-user Michael Shigorin told us: "For us, one major reason to choose TYPO3 was the virtually blank bugtraq trail with significant usage numbers." Go ahead, search bugtraq and see for yourself...

How to stay informed about security updates

TYPO3 core security updates, extension security updates or unmaintained insecure extensions are announced in form of TYPO3 Security Bulletins. We notify the TYPO3 community about the release of new bulletins via different channels:

To get the bulletin notification delivered to your inbox, we strongly recommend to subscribe to the typo3-announce mailing list. Besides that, you may also consider to subscribe to the security news feed at news.typo3.org. The feed is available in different formats (Atom 0.3, RDF, RSS 2.0 and RSS 0.91).

How to report a security issue

If you have found a security issue in a TYPO3 extension or the TYPO3 core system, please report it to us. If you want to know how we deal with security issues, have a look at this page explaining our policy on such matters.

How to check the security of your TYPO3 web server

As announced on T3CON06 we proudly present the TYPO3 Security Cookbook containg a checklist to improve security on your web servers. This document is not finished yet and will never be, as security is an ongoing process and nothing in IT can ever be considered secure. Download the TYPO3 Security Cookbook from here:

Initiates file downloadTYPO3 Security Cookbook (English version)
Initiates file downloadTYPO3 Security Cookbook (French version, translation by Rachel Foucard)

If you have any ideas, considerations or comments, you think should go to the book, please send them to dodger@typo3.org.

About the TYPO3 Security Team

The TYPO3 Security Team has been founded in 2004. Real-life meetings mainly take place during the TYPO3 Snowboard Tour. If you are interested in contributing, please contact us.