T3DD08 provided an excellent opportunity to discuss and identify new strategies to address the growing number of vulnerabilities found in extensions. One result of the discussions is the new Collective Security Bulletins, which enables to summarize multiple warnings for multiple extensions in a single bulletin. From now on, Collective Security Bulletins will be used for extensions with relatively low download numbers from the TYPO3 Extension Repository (TER) or low importance to the community.

The team also successfully fixed a security vulnerability within the TYPO3 core related to uploading files. In addition, the team is developing a policy that describes how the Security Team operates. This document will help formalize the processes and will be publicly available to enable the community to understand exactly how the Security Team functions.

A more detailed version of this Quarterly Report containing links to further information can be found on http://association.typo3.org/home/past-activity-reports/