TYPO3 10.4.2

Release Notes

Version 10.4.2

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2020-04-21 until 2023-04-30.
Extend your support now until 2026-04-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 10.4.2

This document contains information about TYPO3 CMS 10.4.2 which was released on 12.05.2020.

Get TYPO3 10.4.2 now

Checksums of TYPO3 10.4.2


de507d8b2dd9f40aef40ab18136bc9995e1640f2d3ec046df2bc09f57f32e732 typo3_src-10.4.2.tar.gz
91c8f3e42b9fd3b921bd02bc6cf44b8914ec785c919448edf502751204ca417c typo3_src-10.4.2.zip


6cfb8358779a253d46f67e3e74a1559468774f4c typo3_src-10.4.2.tar.gz
e0bd9c8d4be0c038258a931651281b5b31cc1c5b typo3_src-10.4.2.zip


009e9edc53eccce53d8d4db566855275 typo3_src-10.4.2.tar.gz
6680b5c9bd1525dd3857bb6a756fc3f9 typo3_src-10.4.2.zip


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since 10.4.1:

  • 2020-05-12 cf17e40087 [RELEASE] Release of TYPO3 10.4.2 (thanks to Oliver Hader)
  • 2020-05-12 7339543a0f [SECURITY] Escape shortened placeholder text in HTML output (thanks to Markus Klein)
  • 2020-05-12 1b28fec3af [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Oliver Hader)
  • 2020-05-12 e4fb92a85b [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Oliver Hader)
  • 2020-05-12 ab4fec2a1a [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Oliver Hader)
  • 2020-05-12 0040b7b3b6 [SECURITY] Ensure decoded entities are encoded for HTML again (thanks to Oliver Hader)
  • 2020-05-12 14929b98ec [SECURITY] Prevent time based information disclosure (thanks to Frank Naegler)
  • 2020-05-12 dcac1c7044 [TASK] Integrate server response security checks (thanks to Oliver Hader)
  • 2020-05-12 f34eb51661 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez)
  • 2020-05-12 49d8b1ccd8 [BUGFIX] Revert PageReadPermission check for TreeController (thanks to Benni Mack)
  • 2020-05-12 71440487f7 [BUGFIX] Fix internal + external links with URLs fragment (thanks to Benni Mack)
  • 2020-05-12 d5b5b26c68 [BUGFIX] Allow more characters for MySQL / MariaDB database name (thanks to Manuel Selbach)
  • 2020-05-12 379288fbdf [DOCS] ext:dashboard presets feature (thanks to Daniel Siepmann)
  • 2020-05-11 ba457e8358 [BUGFIX] Enable Enhancer support for MountPoints (thanks to Benni Mack)
  • 2020-05-11 02d3c6a37c [BUGFIX] Only call getMovePlaceholder for MOVE_POINTER records (thanks to Benni Mack)
  • 2020-05-11 cd8a613c94 [BUGFIX] Consistently fetch SiteConfiguration from DI (thanks to Helmut Hummel)
  • 2020-05-11 f1a8ae989f [BUGFIX] Correctly evaluate "unique" eval for slug fields (thanks to David König)
  • 2020-05-11 67f1f68f96 [BUGFIX] Disable new content buttons until module is loaded (thanks to Andreas Fernandez)
  • 2020-05-11 2f9d147035 [BUGFIX] Fix HMENU special=directory when site language is in free mode (thanks to Benni Mack)
  • 2020-05-11 0fb9702c73 [BUGFIX] Do not deprecate $GLOBALS[TYPO3_REQUEST] (thanks to Benni Mack)
  • 2020-05-11 1d2f1ba852 [BUGFIX] Fix typo in frontend usergrops CSH details text (thanks to Marcin Sągol)
  • 2020-05-09 e7732cb72f [BUGFIX] Include composer dumpautoload in Test Plan Jobs (thanks to Anja Leichsenring)
  • 2020-05-09 5adf2b7420 [TASK] Use getElementById where feasible (thanks to Andreas Fernandez)
  • 2020-05-09 65597ce966 [TASK] Improve backend module Form description (thanks to Marcin Sągol)
  • 2020-05-09 6b375f6c49 [BUGFIX] Remove obsolete period in scheduler label (thanks to Daniel Goerz)
  • 2020-05-08 e995640dd9 [TASK] Clarify replacement for TSFE->storeSessionData() (thanks to Mathias Brodala)
  • 2020-05-08 02856fcd78 [BUGFIX] Add recipient to FluidEmail Test cases to avoid errors (thanks to Anja Leichsenring)
  • 2020-05-08 b7dc8b2935 [BUGFIX] Use correct constant for email templateName in felogin (thanks to Sebastian Iffland)
  • 2020-05-08 2f366190be [BUGFIX] Fix detection of plugin name by action (thanks to Alexander Schnitzler)
  • 2020-05-08 03f5310617 [BUGFIX] Correctly consider nested tags in frontend HTML parser (thanks to Joschi Kuphal)
  • 2020-05-08 ee06649295 [TASK] Improve file rename duplicate warning message (thanks to Marcin Sągol)
  • 2020-05-06 56269a975c [BUGFIX] Use correct slug for access restricted translated pages (thanks to Benni Mack)
  • 2020-05-06 c342a0dedc [BUGFIX] Respect disabled flag in render method of LinkButton (thanks to Frank Naegler)
  • 2020-05-06 11b5876838 [BUGFIX] Show correct language title for inconsistent content (thanks to Georg Ringer)
  • 2020-05-06 d77b3a45e4 [BUGFIX] Change 3rd argument of calls to callUserFunction() (thanks to Georg Ringer)
  • 2020-05-06 a7e8958360 [TASK] Avoid superfluous reference operator on objects (thanks to Oliver Hader)
  • 2020-05-06 99af82fb01 [BUGFIX] Lift restriction for restricted records in Routing Aspects (thanks to Benni Mack)
  • 2020-05-06 2754fed36f [BUGFIX] Fix typo in identifier exists validation message in site configuration (thanks to Marcin Sągol)
  • 2020-05-05 0df025f859 [BUGFIX] Add 10.4.x changelogs to index as well (thanks to Andreas Fernandez)
  • 2020-05-05 f66a20d382 [TASK] Add rel="noreferrer" to external links of widgets (thanks to Chris Müller)
  • 2020-05-05 da6bd978e4 [BUGFIX] Fix URLs to RSS feeds in Dashboard Widgets (thanks to Richard Haeser)
  • 2020-05-05 6ee5ebe5b1 [BUGFIX] Make rendering of priority option optional in XML sitemaps (thanks to Georg Ringer)
  • 2020-05-04 b7a05352f2 [BUGFIX] Reset window.opener in backend and load modules if authenticated (thanks to Andreas Fernandez)
  • 2020-05-04 b0080cba90 [BUGFIX] Harden deprecation log handling (thanks to Helmut Hummel)
  • 2020-05-04 482d66e915 [BUGFIX] Remove wrong-spelled/not existing class from Services.yaml (thanks to Chris Müller)
  • 2020-05-04 674c3884e7 [BUGFIX] Improve label of cache clearing message (thanks to Georg Ringer)
  • 2020-05-04 aebc8b87f7 [BUGFIX] Cache various where clauses of PageRepository (thanks to Stefan Froemken)
  • 2020-05-04 70fd2f944f [TASK] Respect disabled ElementBrowser also in TableList (thanks to Oliver Bartsch)
  • 2020-05-04 8c38ca6521 [TASK] Enhance custom event dispatching in modal dialog (thanks to Oliver Hader)
  • 2020-05-03 760f209d8e [BUGFIX] Use class instead of HTML comment to determine loading state of IRRE element (thanks to Andreas Fernandez)
  • 2020-05-02 8979378362 [TASK] Remove license header duplicate (thanks to Alexander Schnitzler)
  • 2020-05-02 29cf05d7ac [TASK] Ensure login module is completely loaded and processed (thanks to Oliver Hader)
  • 2020-05-02 40f2402fac [BUGFIX] Fix broken select output in BackenUtility::getFuncMenu() (thanks to Helmut Hummel)
  • 2020-05-01 897f59f62e [BUGFIX] Explicitly fetch element by ID instead of invoking querySelector (thanks to Andreas Fernandez)
  • 2020-05-01 6487672c1c [TASK] Clean up header comments (thanks to Benni Mack)
  • 2020-04-30 2fd5f3f1eb [TASK] Add tags to clearcachehook (thanks to Patrick Schriner)
  • 2020-04-30 7a5752acad [BUGFIX] Re-determine first start module if configuration is invalid (thanks to Andreas Fernandez)
  • 2020-04-29 07280a4f6c [TASK] Use proper TypeScript functions instead of arrow functions (thanks to Oliver Hader)
  • 2020-04-28 66d95e9e67 [BUGFIX] Add missing whitespace in deprecation log entry (thanks to Daniel Goerz)
  • 2020-04-28 b695c3f945 [TASK] Set TYPO3 version to 10.4.2-dev (thanks to Benni Mack)