Important Security-Bulletin Pre-Announcement
May 20, 2016
Author: Helmut Hummel
Keywords: critical vulnerability, bulletin, pre-announcement
TYPO3 releases containing a fix for a critical vulnerability will be published Tuesday 24th of May at about 10:00 a.m. CEST (08:00 a.m. GMT).
[UPDATE] Add clarification regarding TYPO3 4.5
The TYPO3 security team has identified a critical security issue in the TYPO3 CMS Core.
All TYPO3 versions from 4.x to 8.1 are affected by this vulnerability. This means also TYPO3 version 4.5 (including 4.5 ELTS) is affected by this vulnerability.
Besides regular releases for supported branches (TYPO3 6.2.x, TYPO3 7.6.x, TYPO3 8.x), we will also provide patches for affected but unmaintained TYPO3 versions, because of the severity of this vulnerability.
Be prepared to update all your TYPO3 installations next Tuesday!
Please understand that we cannot provide any further information until the advisory has been published.
CVSS v2.0 data on the to be released advisory:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:O/RC:C (Base Score: 9.3, Temporal Score: 7.7)