Attention

TYPO3 v12 has reached end-of-life as of April 30th 2026 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.

Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v12 here: TYPO3 ELTS.

TYPO3 security overview

TYPO3 takes security seriously—both in its Core development and through the work of the official TYPO3 Security Team. But security is not just a feature of the system. It is a shared responsibility that involves system administrators, integrators, editors, and developers.

This chapter outlines common risks and how to mitigate them. It also explains how the TYPO3 Security Team handles incidents and how to respond if your site is compromised.

Security is not a fixed state—it is an ongoing process. Protecting your site requires regular review, timely updates, and responsible access control.

Reporting a security issue

If you would like to report a security issue in a TYPO3 extension or the TYPO3 Core system, please report it to the TYPO3 Security Team. Please refrain from making anything public before an official fix is released. Read more about the process of incident handling by the TYPO3 Security Team.