Skip to content

Security: marketing-factory/picturecredits

Security

SECURITY.md

Marketing Factory Open Source Security Policies and Procedures for TYPO3 Extensions

This document outlines security procedures and general policies for the Marketing Factory Open Source TYPO3 Extensions found on https://github.com/marketing-factory/.

Important: TYPO3 Extensions are handeled by the TYPO3 Security Team

Reporting a Vulnerability

Please report vulnerabilities to security@typo3.org. Your report should include the following details:

  • The affected project (either the TYPO3 Core or a TYPO3 extension).
  • The exact version or version range that you analysed.
  • A step-by-step explanation of how to exploit the potential vulnerability.

You can use the following GPG/PGP key ID to optionally encrypt your messages to security@typo3.org:

  • Key ID: C05FBE60
  • Fingerprint: B41C C3EF 373E 0F5C 7018 7FE9 3BEF BD27 C05F BE60

You can download the public key from the following sources:

Coordinated Disclosure

⚠️ We urge security researchers not to publish vulnerabilities in issue trackers or discuss them publicly (e.g. on Slack or Twitter).

The TYPO3 Security Team coordinates the process with the TYPO3 core developers, extension maintainers and other affected parties. Once a security fix is available, we prepare a new release and publish the fixed version. At the same time, we communicate the vulnerability and the fix to the public by using various communication channels such as:

Further Information

There aren’t any published security advisories