Critical vulnerability in TYPO3 4.x core [Advance notice]
A critical security vulnerability has been discovered in the TYPO3 Core version 4 by the TYPO3 Security Team. Apparently only TYPO3 installations that provide a frontend login are vulnerable.
Affected TYPO3 versions:
- TYPO3 4.3
- TYPO3 4.4
- TYPO3 4.5
- TYPO3 4.6
TYPO3 4.7 and higher are not affected by the vulnerability.
On Thursday, 2015-02-19 around 10:00 CET, TYPO3 version 4.5.40 is scheduled to be released which fixes the issue. If possible, patches for currently no longer supported versions will also be provided. Until then, no further details can be given for understandable reasons.