TYPO3 10.4.2
Release Notes
Release Notes for TYPO3 CMS 10.4.2
This document contains information about TYPO3 CMS 10.4.2 which was released on 12.05.2020.
Get TYPO3 10.4.2 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2020-001
- https://typo3.org/security/advisory/typo3-core-sa-2020-002
- https://typo3.org/security/advisory/typo3-core-sa-2020-003
- https://typo3.org/security/advisory/typo3-core-sa-2020-004
- https://typo3.org/security/advisory/typo3-core-sa-2020-005
- https://typo3.org/security/advisory/typo3-core-sa-2020-006
Checksums of TYPO3 10.4.2
SHA256
de507d8b2dd9f40aef40ab18136bc9995e1640f2d3ec046df2bc09f57f32e732 typo3_src-10.4.2.tar.gz 91c8f3e42b9fd3b921bd02bc6cf44b8914ec785c919448edf502751204ca417c typo3_src-10.4.2.zip
SHA1
6cfb8358779a253d46f67e3e74a1559468774f4c typo3_src-10.4.2.tar.gz e0bd9c8d4be0c038258a931651281b5b31cc1c5b typo3_src-10.4.2.zip
MD5
009e9edc53eccce53d8d4db566855275 typo3_src-10.4.2.tar.gz 6680b5c9bd1525dd3857bb6a756fc3f9 typo3_src-10.4.2.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since [10.4.1]:
- 2020-05-12 cf17e40087 [RELEASE] Release of TYPO3 10.4.2 (thanks to Oliver Hader)
- 2020-05-12 7339543a0f [SECURITY] Escape shortened placeholder text in HTML output (thanks to Markus Klein)
- 2020-05-12 1b28fec3af [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Oliver Hader)
- 2020-05-12 e4fb92a85b [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Oliver Hader)
- 2020-05-12 ab4fec2a1a [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Oliver Hader)
- 2020-05-12 0040b7b3b6 [SECURITY] Ensure decoded entities are encoded for HTML again (thanks to Oliver Hader)
- 2020-05-12 14929b98ec [SECURITY] Prevent time based information disclosure (thanks to Frank Naegler)
- 2020-05-12 dcac1c7044 [TASK] Integrate server response security checks (thanks to Oliver Hader)
- 2020-05-12 f34eb51661 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez)
- 2020-05-12 49d8b1ccd8 [BUGFIX] Revert PageReadPermission check for TreeController (thanks to Benni Mack)
- 2020-05-12 71440487f7 [BUGFIX] Fix internal + external links with URLs fragment (thanks to Benni Mack)
- 2020-05-12 d5b5b26c68 [BUGFIX] Allow more characters for MySQL / MariaDB database name (thanks to Manuel Selbach)
- 2020-05-12 379288fbdf [DOCS] ext:dashboard presets feature (thanks to Daniel Siepmann)
- 2020-05-11 ba457e8358 [BUGFIX] Enable Enhancer support for MountPoints (thanks to Benni Mack)
- 2020-05-11 02d3c6a37c [BUGFIX] Only call getMovePlaceholder for MOVE_POINTER records (thanks to Benni Mack)
- 2020-05-11 cd8a613c94 [BUGFIX] Consistently fetch SiteConfiguration from DI (thanks to Helmut Hummel)
- 2020-05-11 f1a8ae989f [BUGFIX] Correctly evaluate "unique" eval for slug fields (thanks to David König)
- 2020-05-11 67f1f68f96 [BUGFIX] Disable new content buttons until module is loaded (thanks to Andreas Fernandez)
- 2020-05-11 2f9d147035 [BUGFIX] Fix HMENU special=directory when site language is in free mode (thanks to Benni Mack)
- 2020-05-11 0fb9702c73 [BUGFIX] Do not deprecate $GLOBALS[TYPO3_REQUEST] (thanks to Benni Mack)
- 2020-05-11 1d2f1ba852 [BUGFIX] Fix typo in frontend usergrops CSH details text (thanks to Marcin Sągol)
- 2020-05-09 e7732cb72f [BUGFIX] Include composer dumpautoload in Test Plan Jobs (thanks to Anja Leichsenring)
- 2020-05-09 5adf2b7420 [TASK] Use getElementById where feasible (thanks to Andreas Fernandez)
- 2020-05-09 65597ce966 [TASK] Improve backend module Form description (thanks to Marcin Sągol)
- 2020-05-09 6b375f6c49 [BUGFIX] Remove obsolete period in scheduler label (thanks to Daniel Goerz)
- 2020-05-08 e995640dd9 [TASK] Clarify replacement for TSFE->storeSessionData() (thanks to Mathias Brodala)
- 2020-05-08 02856fcd78 [BUGFIX] Add recipient to FluidEmail Test cases to avoid errors (thanks to Anja Leichsenring)
- 2020-05-08 b7dc8b2935 [BUGFIX] Use correct constant for email templateName in felogin (thanks to Sebastian Iffland)
- 2020-05-08 2f366190be [BUGFIX] Fix detection of plugin name by action (thanks to Alexander Schnitzler)
- 2020-05-08 03f5310617 [BUGFIX] Correctly consider nested tags in frontend HTML parser (thanks to Joschi Kuphal)
- 2020-05-08 ee06649295 [TASK] Improve file rename duplicate warning message (thanks to Marcin Sągol)
- 2020-05-06 56269a975c [BUGFIX] Use correct slug for access restricted translated pages (thanks to Benni Mack)
- 2020-05-06 c342a0dedc [BUGFIX] Respect disabled flag in render method of LinkButton (thanks to Frank Naegler)
- 2020-05-06 11b5876838 [BUGFIX] Show correct language title for inconsistent content (thanks to Georg Ringer)
- 2020-05-06 d77b3a45e4 [BUGFIX] Change 3rd argument of calls to callUserFunction() (thanks to Georg Ringer)
- 2020-05-06 a7e8958360 [TASK] Avoid superfluous reference operator on objects (thanks to Oliver Hader)
- 2020-05-06 99af82fb01 [BUGFIX] Lift restriction for restricted records in Routing Aspects (thanks to Benni Mack)
- 2020-05-06 2754fed36f [BUGFIX] Fix typo in identifier exists validation message in site configuration (thanks to Marcin Sągol)
- 2020-05-05 0df025f859 [BUGFIX] Add 10.4.x changelogs to index as well (thanks to Andreas Fernandez)
- 2020-05-05 f66a20d382 [TASK] Add rel="noreferrer" to external links of widgets (thanks to Chris Müller)
- 2020-05-05 da6bd978e4 [BUGFIX] Fix URLs to RSS feeds in Dashboard Widgets (thanks to Richard Haeser)
- 2020-05-05 6ee5ebe5b1 [BUGFIX] Make rendering of priority option optional in XML sitemaps (thanks to Georg Ringer)
- 2020-05-04 b7a05352f2 [BUGFIX] Reset
window.openerin backend and load modules if authenticated (thanks to Andreas Fernandez) - 2020-05-04 b0080cba90 [BUGFIX] Harden deprecation log handling (thanks to Helmut Hummel)
- 2020-05-04 482d66e915 [BUGFIX] Remove wrong-spelled/not existing class from Services.yaml (thanks to Chris Müller)
- 2020-05-04 674c3884e7 [BUGFIX] Improve label of cache clearing message (thanks to Georg Ringer)
- 2020-05-04 aebc8b87f7 [BUGFIX] Cache various where clauses of PageRepository (thanks to Stefan Froemken)
- 2020-05-04 70fd2f944f [TASK] Respect disabled ElementBrowser also in TableList (thanks to Oliver Bartsch)
- 2020-05-04 8c38ca6521 [TASK] Enhance custom event dispatching in modal dialog (thanks to Oliver Hader)
- 2020-05-03 760f209d8e [BUGFIX] Use class instead of HTML comment to determine loading state of IRRE element (thanks to Andreas Fernandez)
- 2020-05-02 8979378362 [TASK] Remove license header duplicate (thanks to Alexander Schnitzler)
- 2020-05-02 29cf05d7ac [TASK] Ensure login module is completely loaded and processed (thanks to Oliver Hader)
- 2020-05-02 40f2402fac [BUGFIX] Fix broken select output in BackenUtility::getFuncMenu() (thanks to Helmut Hummel)
- 2020-05-01 897f59f62e [BUGFIX] Explicitly fetch element by ID instead of invoking querySelector (thanks to Andreas Fernandez)
- 2020-05-01 6487672c1c [TASK] Clean up header comments (thanks to Benni Mack)
- 2020-04-30 2fd5f3f1eb [TASK] Add tags to clearcachehook (thanks to Patrick Schriner)
- 2020-04-30 7a5752acad [BUGFIX] Re-determine first start module if configuration is invalid (thanks to Andreas Fernandez)
- 2020-04-29 07280a4f6c [TASK] Use proper TypeScript functions instead of arrow functions (thanks to Oliver Hader)
- 2020-04-28 66d95e9e67 [BUGFIX] Add missing whitespace in deprecation log entry (thanks to Daniel Goerz)
- 2020-04-28 b695c3f945 [TASK] Set TYPO3 version to 10.4.2-dev (thanks to Benni Mack)