A lot has been written on many sites across the internet. Even people without the slightest knowledge of TYPO3 released some dumb speech bubbles about how bad TYPO3 is.

So I will make it short. Yes, TYPO3 has a realy bad security hole. And yes this could be used for breaking into your server. And yes this hole exists since version 3.3.

These are the facts. It's not nice but on the other hand it has finally been fixed. All you have to do is to update your installations. Press the update button if you are at one of the TYPO3 mass hosters. Bother your agency if the already updated or patched your website. And finally, if you administrate your own server, download the sources and switch the link to the new version. That's it!

There is nothing more to write about this. I am happy that this was actually fixed and I don't want to know how long other systems need to provide patches for such an issue.

Greets,
Thomas

P.S.: And please stop trying to download by localconf.php file! I patched this page on monday! ;-)