Responsible Disclosure of Security Vulnerabilities on TYPO3.org

We believe strongly in keeping TYPO3.org safe for everyone. If you’ve discovered a security vulnerability, we want to hear about it and appreciate your help in disclosing it to us in a responsible manner.

If you’ve discovered a security concern, please email us at security(at)typo3.org.

We’ll work with you to make sure we understand the scope of the issue and fully address your concern. We don’t take security disclosures lightly and consider them our highest priority.

Please act in good faith towards our users’ privacy and data during your disclosure. TYPO3 requests that you don’t post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability. Also, we respectfully ask that you do not post or share any data belonging to our users.

THANKS FOR YOUR HELP IN KEEPING TYPO3.org SAFE.

Reporters