Over the weekend, a major Typolight security hole was identified that allows hackers to bypass password authentication and gain access to Typolight sites.
In an email sent to the Typolight community, the Typolight team has made it quite clear the impact of this security hole and why they want people to patch immediately.
We would like to applaud the Typolight developers for their honesty and the time they have taken to explain to people why they need to patch right away. It's clear the Typolight team does not mess around when it comes to security and that's should make those using their CMS feel like they have made the right choice.
More about this security hole and how to fix it can be found here: http://www.typolight.org/news/items/major-security-hole-in-the-typolight-install-tool.html