The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core

The TYPO3 security team has identified a critical security issue in the TYPO3 v4 Core.

The following branches are affected by the vulnerability:
* TYPO3 4.5
* TYPO3 4.6

TYPO3 releases containing a security fix will be published tomorrow, Friday 16th
of December at about 10:00 am CET.

Exploiting this vulnerability is only possible for specific server environments.
Amongst others, PHP flag “register_globals” is required
to be activated.

Please consider deactivating “register_globals”; this setting is deprecated
nowadays (PHP 5.3+) and is generally not needed for TYPO3.

Installations running an older TYPO3 version (4.4 and lower) or do not have this
PHP setting activated, are *not* affected.

Since this is a very important security fix, please be prepared to update your
TYPO3 installations on Friday.

Update: today, December 16, 2011 published the Typo3 update with security fixes

This entry was posted in ECM, Open Source, Security alert and tagged . Bookmark the permalink.

Leave a Reply