TYPO3 10.4.33
Release Notes
Stay secure and up-to-date with TYPO3 ELTS!
The TYPO3 CMS community supported from 2020-04-21
until 2023-04-30.
Extend your support now until 2026-04-30 to
get access to the latest security and compatibility updates for this version.
Release Notes for TYPO3 CMS 10.4.33
This document contains information about TYPO3 CMS 10.4.33 which was released on 13.12.2022.
Get TYPO3 10.4.33 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2022-012
- https://typo3.org/security/advisory/typo3-core-sa-2022-013
- https://typo3.org/security/advisory/typo3-core-sa-2022-014
- https://typo3.org/security/advisory/typo3-core-sa-2022-015
- https://typo3.org/security/advisory/typo3-core-sa-2022-016
- https://typo3.org/security/advisory/typo3-core-sa-2022-017
Checksums of TYPO3 10.4.33
SHA256
5eaaaa808dffebc95cead6ac07506fed79831716168460abcea6e000841f8bdb typo3_src-10.4.33.tar.gz 21bca3ce2b446d9752b9f2a9ea5e0561f9b816b8f54ea81362ea392c0db3e89e typo3_src-10.4.33.zip
SHA1
3dcd407eed9c069d630a37f831b741fe59d016ad typo3_src-10.4.33.tar.gz 202d9a9c7003a189fa762023215160647d1b2779 typo3_src-10.4.33.zip
MD5
d9372e30d524a0cdddda8b2f41fe26b5 typo3_src-10.4.33.tar.gz 5e1824656306fd7999125e21d171f58a typo3_src-10.4.33.zip
Package Signatures
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Download GPG signed release README.md file
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/10.4.33/tar.gz wget --content-disposition https://get.typo3.org/10.4.33/tar.gz.sig gpg --verify typo3_src-10.4.33.tar.gz.sig typo3_src-10.4.33.tar.gz
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 10.4.32:
- 2022-12-13 8a90081d01 [RELEASE] Release of TYPO3 10.4.33 (thanks to Oliver Hader)
- 2022-12-13 c86cfb3e78 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.1 (thanks to Oliver Hader)
- 2022-12-13 091735d637 [SECURITY] Disallow introducing Yaml placeholders in user interface (thanks to Oliver Hader)
- 2022-12-13 edf344bfdf [SECURITY] Prohibit TypoScript in form yaml files (thanks to waldhacker)
- 2022-12-13 4ad509273a [SECURITY] Destroy user sessions on password change (thanks to Torben Hansen)
- 2022-12-13 96ed3e627f [SECURITY] Use signed storage PID during frontend authentication (thanks to Oliver Hader)
- 2022-12-13 73b46b6a62 [SECURITY] Avoid DoS when generating Error pages (thanks to Benni Mack)
- 2022-12-13 5e3e54d25c [TASK] Add HTTP host header injection check to reports module (thanks to Oliver Hader)
- 2022-12-13 a136e6b7a1 [BUGFIX] Avoid double UTF-8 encoded PDF metadata in file indexer (thanks to Benjamin Franzke)
- 2022-12-13 19e0b19582 [DOCS] Add example for hook modifyBlindedConfigurationOptions (thanks to Stephan Großberndt)
- 2022-12-07 f1e1e0bbdd [TASK] Introduce string fragment extraction (thanks to Oliver Hader)
- 2022-12-06 1ccf8df8c1 [BUGFIX] Add figure tag to external blocks in rte parsing (thanks to Benjamin Kott)
- 2022-12-06 0840414d4c [BUGFIX] Allow <figure> tag outside of paragraph tags (thanks to Benni Mack)
- 2022-12-05 bce091f4dc [TASK] Upgrade to typo3/html-sanitizer v2.1.0 (thanks to Oliver Hader)
- 2022-12-03 961e6291db [BUGFIX] Allow search terms with large special chars (thanks to Tomas Norre Mikkelsen)
- 2022-12-01 f02f02bc0a [BUGFIX] uft8 encode text to allow special chars in PDF metadata (thanks to Tomas Norre Mikkelsen)
- 2022-11-12 5f02be93ff [BUGFIX] Update moment* packages (thanks to Andreas Fernandez)
- 2022-11-02 bcae924d9e [BUGFIX] Properly encode error messages in FileController (thanks to Oliver Hader)
- 2022-10-19 7e747470fd [BUGFIX] Cover multi-value properties in form editor with HMAC (thanks to Oliver Hader)
- 2022-10-14 5ddc64055f [TASK] Add .gitignore for JetBrains Fleet editor (thanks to Stefan Bürk)
- 2022-09-16 c5e1078a73 [TASK] Remove wrong doc comments in \TYPO3\CMS\Core\Database\Connection (thanks to Torben Hansen)
- 2022-09-16 65580b5a36 [TASK] Allow flushing the makeInstance class name caches for testing (thanks to Oliver Klee)
- 2022-09-13 dd0c7dbb49 [TASK] Set TYPO3 version to 10.4.33-dev (thanks to Oliver Hader)