- If you learn about a potential security issue in the TYPO3 core or in an extension, please always contact the TYPO3 Security Team (see below). Please always include the version number where you've discovered the issue. If we can confirm a problem in a third-party extension, we will inform the author immediately.
- If you discover a security problem in your own extension, please inform the TYPO3 Security Team as well. They can help you to fix it, and they may want to issue an advisory once it is fixed.
Please always give us a reasonable amount of time to assess the vulnerability and get back to you with an answer.
Contact the TYPO3 Security Team!
Security related information can be sent to this e-mail address.
Concerning GPG encryption
Your e-mail to the security team will be processed by a ticket system which unfortunately cannot handle GPG-encrypted e-mail. So we kindly ask you not to GPG-encrypt your e-mails to the security team.
And what happens now?
If you want to know how we deal with security issues, have a look at this page explaining our policy on such matters.