.. include:: ../../Includes.txt


.. _react-quickly:

React quickly
^^^^^^^^^^^^^

TYPO3 is open source software as well as all TYPO3 extensions
published in the TYPO3 Extension Repository (TER). This means,
everyone can download and investigate the code base. From a security
perspective, this usually improves the software, simply because more
people review the code, not only a few core developers. Currently,
there are hundreds of developers actively involved in the TYPO3
community and if someone discovers and reports a security issue,
he/she will be honored by being credited in the appropriate security
bulletin.

The open source concept also implies that everyone can compare the old
version with the new version of the software after a vulnerability
became public. This may give an insight to anyone who has programming
knowledge, how to exploit the vulnerability and therefore it is
understandable how important it is, to react quickly and fix the issue
before someone else compromises it. In other words, it is not enough
to receive and read the security bulletins, it is also essential to
react as soon as possible and to update the software or deinstall the
affected component.

The security bulletins may also include specific advice such as
configuration changes or similar. Check your individual TYPO3 instance
and follow these recommendations.