TYPO3 10.2.2
Release Notes
Release Notes for TYPO3 CMS 10.2.2
This document contains information about TYPO3 CMS 10.2.2 which was released on 17.12.2019.
Get TYPO3 10.2.2 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2019-021/
- https://typo3.org/security/advisory/typo3-core-sa-2019-022/
- https://typo3.org/security/advisory/typo3-core-sa-2019-023/
- https://typo3.org/security/advisory/typo3-core-sa-2019-024/
- https://typo3.org/security/advisory/typo3-core-sa-2019-025/
- https://typo3.org/security/advisory/typo3-core-sa-2019-026/
Checksums of TYPO3 10.2.2
SHA256
2ce3150dc4988868207a862557119bbd6fd021145c323174b5cdecd1d8265de7 typo3_src-10.2.2.tar.gz 926674ea35d69cdc71dde4baffe8e13624c7e08d044caa254da62daf1a38ecb9 typo3_src-10.2.2.zip
SHA1
f5113455bd826874f8d6645bd43f34f9ddbc8c2e typo3_src-10.2.2.tar.gz c46db15ecd5643a806d7e25955d6c0c4108b4440 typo3_src-10.2.2.zip
MD5
541469892abaf06d2c23ccbd942446fd typo3_src-10.2.2.tar.gz 1e32e5993323b6a1097196ebf2af8d0f typo3_src-10.2.2.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since [10.2.0]:
- 2019-12-17 b7d2c8f952 [RELEASE] Release of TYPO3 10.2.2 (thanks to Oliver Hader)
- 2019-12-17 9e35dd427f [TASK] Set TYPO3 version to 10.2.2-dev (thanks to Oliver Hader)
- 2019-12-17 aa2abdaf0d [RELEASE] Release of TYPO3 10.2.1 (thanks to Oliver Hader)
- 2019-12-17 8d05c31531 [SECURITY] Avoid insecure deserialization in QueryGenerator & QueryView (thanks to Frank Naegler)
- 2019-12-17 e1e56e7b6a [SECURITY] Prevent SQLi in ext:lowlevel QueryGenerator (thanks to Frank Naegler)
- 2019-12-17 4ec29f44ac [SECURITY] Avoid directory traversal on archive extraction (thanks to Andreas Fernandez)
- 2019-12-17 044d7dbe28 [SECURITY] XSS in file list through file extension (thanks to Andreas Fernandez)
- 2019-12-17 25f796b94e [SECURITY] Avoid XSS by correctly encoding typolink results (thanks to Oliver Hader)
- 2019-12-17 e971b012c8 [SECURITY] Prevent XSS in EXT:form error message output (thanks to Frank Naegler)
- 2019-12-17 d075cdeaf3 [TASK] Streamline frontend user password recovery process (thanks to Oliver Hader)
- 2019-12-17 6ea5b19c76 [BUGFIX] Don't import PHP class in ext_localconf.php (thanks to Andreas Fernandez)
(version v10.2.1 contained outdated composer version references which have been adjusted on v10.2.2)