Contact Us!

  • If you learn about a potential security issue in the TYPO3 core or in an extension, please always contact the TYPO3 Security Team (see below). Please always include the version number where you've discovered the issue. If we can confirm a problem in a third-party extension, we will inform the author immediately.
  • If you discover a security problem in your own extension, please inform the TYPO3 Security Team as well. They can help you to fix it, and they may want to issue an advisory once it is fixed.

Please always give us a reasonable amount of time to assess the vulnerability and get back to you with an answer.

Report security issues

Security related information can be sent to security(at)typo3.org.

Concerning GPG encryption

You can send GPG/PGP encrypted emails to security(at)typo3.org using key id C05FBE60 (complete fingerprint B3DB D332 47AF B5C4 F652 FBF5 E5E6 E185 584F 0E10).