TYPO3 10.4.18
Release Notes
Release Notes for TYPO3 CMS 10.4.18
This document contains information about TYPO3 CMS 10.4.18 which was released on 20.07.2021.
Get TYPO3 10.4.18 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2021-009
- https://typo3.org/security/advisory/typo3-core-sa-2021-010
- https://typo3.org/security/advisory/typo3-core-sa-2021-011
- https://typo3.org/security/advisory/typo3-core-sa-2021-012
- https://typo3.org/security/advisory/typo3-psa-2021-001
- https://typo3.org/security/advisory/typo3-psa-2021-002
Checksums of TYPO3 10.4.18
SHA256
93d2389e21be17ec6ace908d804af1211024c82847ed28d957c4e3659ca3417f typo3_src-10.4.18.tar.gz b7be3fce6c2d118b8c6e4117358176d5525212ec5b34e554a0e1b44d19865744 typo3_src-10.4.18.zip
SHA1
7e1e4a488c0b113a9201e469056a4650e0a8d083 typo3_src-10.4.18.tar.gz 1c7e10c94757c656489449526f0867f5ec047847 typo3_src-10.4.18.zip
MD5
7802726159a94d4bc3844b538424d298 typo3_src-10.4.18.tar.gz 8bc1d34e3392d8b3ad04d7e277550498 typo3_src-10.4.18.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since [10.4.17]:
- 2021-07-20 7c21aadae4 [RELEASE] Release of TYPO3 10.4.18 (thanks to Oliver Hader)
- 2021-07-20 f8082e1fba [SECURITY] Do not log sensitive data in authentication process (thanks to Benni Mack)
- 2021-07-20 01eb0e3b07 [SECURITY] Mitigate XSS related to column names (thanks to Oliver Bartsch)
- 2021-07-20 2c1db81fde [SECURITY] Encode error messages in Query View (thanks to Oliver Hader)
- 2021-07-20 533bae317b [SECURITY] Mitigate XSS in viewpage (thanks to Oliver Bartsch)
- 2021-07-20 f378139c00 [TASK] Mitigate downstream CSV code injection (thanks to Oliver Hader)
- 2021-07-19 7896a61286 [BUGFIX] Prevent TypeError in TableController (thanks to Oliver Bartsch)
- 2021-07-19 80ab8672a9 [BUGFIX] Upgrade packages chart.js, codemirror, ckeditor4 (thanks to Oliver Hader)
- 2021-07-19 0828d06bd6 [TASK] Skip another SVG sanitizer test causing seg fault (thanks to Christian Kuhn)
- 2021-07-16 eac6c2fbab [TASK] Skip SVG sanitizer test causing segmentation fault (thanks to Oliver Hader)
- 2021-07-15 44b2f4b4cd [TASK] Backport SecurityUtility.stripHtml() (thanks to Andreas Fernandez)
- 2021-07-13 a28ebb5f76 [TASK] Streamline identifier usage in SvgFilesSanitization upgrade wizard (thanks to Oliver Hader)
- 2021-07-13 e2040358ab [BUGFIX] Correctly resolve best matching FAL storage (thanks to Oliver Hader)
- 2021-07-13 24d3417dff [TASK] Adjust RST syntax in SVG sanitizer documentation (thanks to Oliver Hader)
- 2021-07-13 45b389d44d [TASK] Introduce SVG Sanitizer (thanks to Oliver Hader)
- 2021-07-12 a06a256e60 [BUGFIX] Properly check shortcut permissions in ShortcutRepository (thanks to Oliver Bartsch)
- 2021-07-12 e705b30274 [TASK] Improve exception messages in ImageService (thanks to Oliver Bartsch)
- 2021-07-12 1184d7292a [BUGFIX] Enable ContextMenu for file mounts and file storages again (thanks to Oliver Bartsch)
- 2021-07-12 16a239e750 [BUGFIX] Remove always true part of if condition (thanks to Nikita Hovratov)
- 2021-07-12 cf1452b9f4 [BUGFIX] Fix missing closing divs in SelectSingleBoxElement (thanks to Nikita Hovratov)
- 2021-07-12 10bc3ffc93 [TASK] Add placeholder for title field in create multiple pages (thanks to Oliver Bartsch)
- 2021-07-09 c802dacfc6 [BUGFIX] Allow to abort a selected upgrade wizard before execution (thanks to Andreas Fernandez)
- 2021-07-09 9fa8fadbc8 [TASK] Reflect patched jQuery state (thanks to Andreas Fernandez)
- 2021-07-09 2301a351f3 [BUGFIX] Unlink temp files in import of ext:impexp (thanks to Daniel Haupt)
- 2021-07-09 3742476215 [BUGFIX] Handle invalid source string correctly in ImageService (thanks to Oliver Bartsch)
- 2021-07-09 bcd19bf23c [BUGFIX] Avoid crash due to endless loop in Fluid-based Page Module (thanks to Oliver Hader)
- 2021-07-07 c109434b4c [DOCS] Complete new pagination changelog rst (thanks to Daniel Siepmann)
- 2021-07-06 9f6110811d [BUGFIX] Set position for alert container to fixed (thanks to Jochen Roth)
- 2021-07-01 3b72f0d59b [DOCS] Use correct method params in #90956 rst-file (thanks to Henrik Elsner)
- 2021-07-01 e3538f3743 [BUGFIX] Fix typos in language labels (thanks to Jochen Roth)
- 2021-06-30 dc125e42c9 [BUGFIX] Declare guzzlehttp/psr7 dependency (thanks to Christian Kuhn)
- 2021-06-28 550c4be1c2 [BUGFIX] Respect TSconfig when adding page translations to recordlist (thanks to Oliver Bartsch)
- 2021-06-27 4761152331 [DOC] Change fallback layer code removal information (thanks to Benni Mack)
- 2021-06-22 2560d67426 [BUGFIX] Fix terms in Info > Page TSconfig (thanks to Sybille Peters)
- 2021-06-22 46a2414710 [BUGFIX] Missing is_array check in setValueByPath (thanks to Rico Sonntag)
- 2021-06-18 51c1caf1dc [BUGFIX] Respect offline storages on context menu initialization (thanks to Oliver Bartsch)
- 2021-06-18 4282c2ca6f [TASK] Extract common site test aspects to trait (thanks to Oliver Hader)
- 2021-06-17 8f14283834 [TASK] Add acceptance test for EXT:reports module (thanks to Jochen Roth)
- 2021-06-16 7b7deb0cc1 [TASK] Add customization examples for felogin (thanks to Jan Stockfisch)
- 2021-06-15 adce6dbe8b [BUGFIX] Fix range handling for eval double (thanks to Patrick Schriner)
- 2021-06-14 ae55eef595 [DOCS] Fix PHP code example in changelog (thanks to Oliver Bartsch)
- 2021-06-14 1ee27a9f16 [TASK] Raise typo3/testing-framework:^6.8.4 (thanks to Christian Kuhn)
- 2021-06-13 258a7b61a4 [TASK] Raise typo3/testing-framework:^6.8.3 (thanks to Christian Kuhn)
- 2021-06-13 a6bb955b9e [BUGFIX] Correct ac test file namespace (thanks to Christian Kuhn)
- 2021-06-11 ef1ea9dc3f [BUGFIX] Fix return annotation of AbstractDomainObject->getUid() (thanks to Andreas Fernandez)
- 2021-06-10 1d7ed0bc69 [BUGFIX] Do not render clipboard actions for page translations (thanks to Oliver Bartsch)
- 2021-06-09 d66b69b251 [TASK] Remove "sha1" from sys_file searchFields (thanks to Guido Schmechel)
- 2021-06-09 6c3ac2d200 [BUGFIX] Check if shortcuts' target table still exists (thanks to Oliver Bartsch)
- 2021-06-09 0193401297 [TASK] Document behaviour of inline parent info in itemsProcFunc (thanks to Oliver Bartsch)
- 2021-06-09 84d6975662 [BUGFIX] Add uid field to fieldDefinitions in EXT:seo (thanks to Oliver Bartsch)
- 2021-06-09 d48c2e969c [BUGFIX] Prevent Uncaught TypeError in Recordlist JavaScript (thanks to Oliver Bartsch)
- 2021-06-08 55bfa13a39 [TASK] Set TYPO3 version to 10.4.18-dev (thanks to Benni Mack)