Update on recent typo3.org issue

Categories: Security

Dear user of typo3.org,

after a while of (almost) non-stop activity by members of the security team as well as the core team and the folks from punkt.de the front user login on typo3.org has been enabled again. This means that as soon as you have set a new password for your account, also login to the bug tracker, the forge and the support website will be possible again.

Since all logins have been locked you will need to go to and make use of the "Forgot your password?" link below the login form. Simply enter your user name and a new password will be generated and sent to the email address in your profile. Feel free to change the password after logging in for the first time afterwards.

If you are a member of a forge project with SVN write access, make sure you have logged in to the forge website using the single-signon at least once after creating the password. This makes sure the needed login data is propagated.

The investigative measures taken so far come to the conclusion that the hacker did not use a software bug in the TYPO3 software. For more information on the background of the incident, please have a look at the FAQ located at .

Thanks to everyone who worked on solving the issue the last days - and thank you for your patience!

TYPO3 Association