Security Team

Security is taken very seriously by the developers of TYPO3. The visible part of that concern is the TYPO3 Security Team.

Report a vulnerability

Security-related information can be sent to security@typo3.org.

We are responsible for all security-related concerns in the TYPO3 ecosystem. This includes:

  • Handling reported security issues for the TYPO3 core and extensions
  • Coordinating security fixes with the TYPO3 core team and extension developers
  • Publishing security bulletins for TYPO3 core and extension issues
  • Providing assistance for extension developers in resolving security issues
  • Providing TYPO3 security guidelines
  • Helping the TYPO3 server team keep the typo3.org infrastructure secure

How to report a Security Issue

If you have found a security issue in a TYPO3 extension or the TYPO3 core system, please report it to us by following the instructions described on this page.

How to stay informed about security updates

TYPO3 core security updates, extension security updates or unmaintained insecure extensions are announced in the form of TYPO3 Security Bulletins. We notify the TYPO3 community about the release of new bulletins via the following channels:

  • Email: To get the bulletin notification delivered to your inbox, we strongly recommend subscribing to the typo3-announce mailing list.
  • RSS Feed: You can subscribe to the security news feed at typo3.org.
  • X (formerly Twitter) and Mastodon: We also publish links to our Security Bulletins on X (formerly Twitter) as @typo3_security and on Mastodon as @typo3_security.

Join the TYPO3 Security Team

If you are interested in making TYPO3 more secure and want to contribute, please contact us.

Security in TYPO3

We decided to follow a policy of least disclosure. That is the reason why we ask everyone to get in touch with the TYPO3 Security Team first whenever a security issue has been found.

Contacted by the Security Team

If you have been contacted by the TYPO3 Security Team and directed to this page, please make sure to read the full page!

Extension Security Policy

This is the official policy on the handling of security incidents, as defined by the TYPO3 Security Team.

Resources

Bug Bounty Program

Since the TYPO3 project wants to encourage security reporters to analyze our products, we introduced a dedicated bug bounty program.

Contact Us

If you learn about a potential security issue in the TYPO3 core or in an extension, please always contact the TYPO3 Security Team.