Dear TYPO3 users,
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check.
For further information on the issues, please read the related advisory TYPO3-EXT-SA-2016-010 which was published today:
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-010/
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
<https: docs.typo3.org typo3cms securityguide></https:> https://docs.typo3.org/typo3cms/SecurityGuide/
Make sure you are subscribed to the TYPO3 Announce List:
<http: lists.typo3.org cgi-bin mailman listinfo typo3-announce> <a href="http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce" target="_blank" rel="noreferrer">http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce</a>
See all TYPO3 security advisories:
<https: typo3.org teams security security-bulletins></https:> <a href="https://typo3.org/teams/security/security-bulletins/" target="_blank" rel="noreferrer">https://typo3.org/teams/security/security-bulletins/</a>
Regards,
Nicole Cordes
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: <https: typo3.org teams security></https:> <a href="https://typo3.org/teams/security/" target="_blank" rel="noreferrer">https://typo3.org/teams/security/</a>
E-Mail: <http: lists.typo3.org cgi-bin mailman listinfo typo3-announce> security@typo3.org</http:></http:>
