The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core.
The following branches are affected by the vulnerability:
* TYPO3 4.5
* TYPO3 4.6
TYPO3 releases containing a security fix will be published tomorrow, Friday 16th
of December at about 10:00 am CET.
Exploiting this vulnerability is only possible for specific server environments.
Amongst others, PHP flag “register_globals” is required
to be activated.
Please consider deactivating “register_globals”; this setting is deprecated
nowadays (PHP 5.3+) and is generally not needed for TYPO3.
Installations running an older TYPO3 version (4.4 and lower) or do not have this
PHP setting activated, are *not* affected.
Since this is a very important security fix, please be prepared to update your
TYPO3 installations on Friday.
Update: today, December 16, 2011 published the Typo3 update with security fixes