Professional Content Management

Free and open source, TYPO3 CMS is the most widely used enterprise-level CMS.

Test TYPO3 now:

TYPO3 live demo

Inspire people to share

Offer your skills and contribute to the project. The community is growing and does more than just coding. 

A Community Effort

TYPO3 CMS is an Open Source project managed by the TYPO3 Association.

The Project

Do you have a question?

Ask the community or a professional partner.

TYPO3-PSA-2015-001: Important Security-Bulletin Pre-Announcement

Categories: Public Service Announcement Created by Helmut Hummel
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.

The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core.

The following branches are affected by the vulnerability:

* TYPO3 4.3
* TYPO3 4.4
* TYPO3 4.5
* TYPO3 4.6

Only TYPO3 installations which use the frontend login functionality are affected by this vulnerability.

Newer TYPO3 versions (4.7.0 or higher) are NOT affected!

A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.

If possible, we will provide patches for not supported releases.

Since this is a very important security fix, please be prepared to update your TYPO3 installations on Thursday.

Until the advisory is out, please understand that we cannot provide any further information.

CVSS v2.0 data on the to be released bulletin:

Base AV:N/AC:L/Au:N/C:P/I:P/A:N | Temporal E:F/RL:O/RC:C