2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005

Important Security-Bulletin Pre-Announcement

February 17, 2015

Author: Helmut Hummel
Keywords: bulletin, pre-announcement, TYPO3 4.5

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.

The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core.

The following branches are affected by the vulnerability:

* TYPO3 4.3
* TYPO3 4.4
* TYPO3 4.5
* TYPO3 4.6

Only TYPO3 installations which use the frontend login functionality are affected by this vulnerability.

Newer TYPO3 versions (4.7.0 or higher) are NOT affected!

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.

If possible, we will provide patches for not supported releases.

Since this is a very important security fix, please be prepared to update your TYPO3 installations on Thursday.

Until the advisory is out, please understand that we cannot provide any further information.

CVSS v2.0 data on the to be released bulletin:

Base AV:N/AC:L/Au:N/C:P/I:P/A:N | Temporal E:F/RL:O/RC:C


Add comment

Please log in or sign up to comment.