Contact Us!

  • If you learn about a potential security issue in the TYPO3 core or in an extension, please always contact the TYPO3 Security Team (see below). Please always include the version number where you've discovered the issue. If we can confirm a problem in a third-party extension, we will inform the author immediately.
  • If you discover a security problem in your own extension, please inform the TYPO3 Security Team as well. They can help you to fix it, and they may want to issue an advisory once it is fixed.

Please always give us a reasonable amount of time to assess the vulnerability and get back to you with an answer.

Report security issues

Security related information can be sent to security(at)typo3.org.

Concerning GPG encryption

You can send GPG/PGP encrypted emails to security(at)typo3.org using key id C05FBE60 (complete fingerprint B41C C3EF 373E 0F5C 7018 7FE9 3BEF BD27 C05F BE60).