TYPO3 10.2.1
Release Notes
Stay secure and up-to-date with TYPO3 ELTS!
The TYPO3 CMS community supported from 2020-04-21
until 2023-04-30.
Extend your support now until 2026-04-30 to
get access to the latest security and compatibility updates for this version.
Release Notes for TYPO3 CMS 10.2.1
This document contains information about TYPO3 CMS 10.2.1 which was released on 17.12.2019.
Get TYPO3 10.2.1 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2019-021/
- https://typo3.org/security/advisory/typo3-core-sa-2019-022/
- https://typo3.org/security/advisory/typo3-core-sa-2019-023/
- https://typo3.org/security/advisory/typo3-core-sa-2019-024/
- https://typo3.org/security/advisory/typo3-core-sa-2019-025/
- https://typo3.org/security/advisory/typo3-core-sa-2019-026/
Checksums of TYPO3 10.2.1
SHA256
9f10c110dcfd8b33c02b102c3a75209646b0e6897ff026b44804bbac20921bd0 typo3_src-10.2.1.tar.gz 634dc219fccfdf2a91cabc70ca256cde28269df86e875fa814624349b4d0924f typo3_src-10.2.1.zip
SHA1
043efe4fc4af38a47d76f6fd0e13f14ecf21b7e7 typo3_src-10.2.1.tar.gz 84e54ee9090c4591e4e786f300be53fe23eb089f typo3_src-10.2.1.zip
MD5
21095a63f7e377f80676579a78144939 typo3_src-10.2.1.tar.gz 68384498a97dcbfddc079da6e4abf903 typo3_src-10.2.1.zip
Package Signatures
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Download GPG signed release README.md file
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/10.2.1/tar.gz wget --content-disposition https://get.typo3.org/10.2.1/tar.gz.sig gpg --verify typo3_src-10.2.1.tar.gz.sig typo3_src-10.2.1.tar.gz
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 10.2.0:
- 2019-12-17 aa2abdaf0d [RELEASE] Release of TYPO3 10.2.1 (thanks to Oliver Hader)
- 2019-12-17 8d05c31531 [SECURITY] Avoid insecure deserialization in QueryGenerator & QueryView (thanks to Frank Naegler)
- 2019-12-17 e1e56e7b6a [SECURITY] Prevent SQLi in ext:lowlevel QueryGenerator (thanks to Frank Naegler)
- 2019-12-17 4ec29f44ac [SECURITY] Avoid directory traversal on archive extraction (thanks to Andreas Fernandez)
- 2019-12-17 044d7dbe28 [SECURITY] XSS in file list through file extension (thanks to Andreas Fernandez)
- 2019-12-17 25f796b94e [SECURITY] Avoid XSS by correctly encoding typolink results (thanks to Oliver Hader)
- 2019-12-17 e971b012c8 [SECURITY] Prevent XSS in EXT:form error message output (thanks to Frank Naegler)
- 2019-12-17 d075cdeaf3 [TASK] Streamline frontend user password recovery process (thanks to Oliver Hader)
- 2019-12-17 6ea5b19c76 [BUGFIX] Don't import PHP class in ext_localconf.php (thanks to Andreas Fernandez)