Please follow the guidelines below to contact us if you believe you have discovered a security vulnerability in this project.
Please do not open GitHub issues for security vulnerabilities.
Instead, please send an email to [email protected]. Your report should include the following details:
- The exact version or version range that you analysed.
- The TYPO3 version that you used for your analyse.
- A step-by-step explanation of how to exploit the potential vulnerability.
You can use the following GPG/PGP key ID to optionally encrypt your messages to [email protected]:
- Key ID:
6FA2DFA7 - Fingerprint:
277A 831A DA60 115C 3652 0011 0AB0 D6CA 6FA2 DFA7
You can download the public key from the following sources:
Note
You can also contact the TYPO3 Security Team in case you have discovered a potential security vulnerability. Please read TYPO3's Security Policy for more information.