The TYPO3 Security Team is always interested in publishing a security fix for a reported vulnerability. Only if all attempts at communication fail, or the extension author is no longer willing to work on the extension, will we recommend the complete removal of a vulnerable extension from production TYPO3 installations.
Details of our procedure regarding extensions are listed in our Extension Security Policy (typo3.org/teams/security/extension-security-policy/).
Our primary channel of communication with extension owners is email. So please make sure to have an up-to-date mail address stored in your own extension. In addition, make sure your mail server works as expected, e.g. forwarding mails to your mail account.
In the present case we tried to contact the extension owner several times using different recipient mail addresses. None of these mails were answered, and we can clearly rule out an error on our side.
After having published the above-mentioned bulletin, we were contacted by the extension maintainers. We provided them with details of the vulnerability and quickly received a security fix for this issue.
That is why the extension a21glossary is available in TER again; version 0.4.11 (typo3.org/extensions/repository/view/a21glossary/current/) fixes the issue described in TYPO3-SA-2009-003.