TYPO3 10.4.33
Release Notes
Release Notes for TYPO3 CMS 10.4.33
This document contains information about TYPO3 CMS 10.4.33 which was released on 13.12.2022.
Get TYPO3 10.4.33 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2022-012
- https://typo3.org/security/advisory/typo3-core-sa-2022-013
- https://typo3.org/security/advisory/typo3-core-sa-2022-014
- https://typo3.org/security/advisory/typo3-core-sa-2022-015
- https://typo3.org/security/advisory/typo3-core-sa-2022-016
- https://typo3.org/security/advisory/typo3-core-sa-2022-017
Checksums of TYPO3 10.4.33
SHA256
5eaaaa808dffebc95cead6ac07506fed79831716168460abcea6e000841f8bdb typo3_src-10.4.33.tar.gz 21bca3ce2b446d9752b9f2a9ea5e0561f9b816b8f54ea81362ea392c0db3e89e typo3_src-10.4.33.zip
SHA1
3dcd407eed9c069d630a37f831b741fe59d016ad typo3_src-10.4.33.tar.gz 202d9a9c7003a189fa762023215160647d1b2779 typo3_src-10.4.33.zip
MD5
d9372e30d524a0cdddda8b2f41fe26b5 typo3_src-10.4.33.tar.gz 5e1824656306fd7999125e21d171f58a typo3_src-10.4.33.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since [10.4.32]:
- 2022-12-13 8a90081d01 [RELEASE] Release of TYPO3 10.4.33 (thanks to Oliver Hader)
- 2022-12-13 c86cfb3e78 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.1 (thanks to Oliver Hader)
- 2022-12-13 091735d637 [SECURITY] Disallow introducing Yaml placeholders in user interface (thanks to Oliver Hader)
- 2022-12-13 edf344bfdf [SECURITY] Prohibit TypoScript in form yaml files (thanks to waldhacker)
- 2022-12-13 4ad509273a [SECURITY] Destroy user sessions on password change (thanks to Torben Hansen)
- 2022-12-13 96ed3e627f [SECURITY] Use signed storage PID during frontend authentication (thanks to Oliver Hader)
- 2022-12-13 73b46b6a62 [SECURITY] Avoid DoS when generating Error pages (thanks to Benni Mack)
- 2022-12-13 5e3e54d25c [TASK] Add HTTP host header injection check to reports module (thanks to Oliver Hader)
- 2022-12-13 a136e6b7a1 [BUGFIX] Avoid double UTF-8 encoded PDF metadata in file indexer (thanks to Benjamin Franzke)
- 2022-12-13 19e0b19582 [DOCS] Add example for hook modifyBlindedConfigurationOptions (thanks to Stephan Großberndt)
- 2022-12-07 f1e1e0bbdd [TASK] Introduce string fragment extraction (thanks to Oliver Hader)
- 2022-12-06 1ccf8df8c1 [BUGFIX] Add figure tag to external blocks in rte parsing (thanks to Benjamin Kott)
- 2022-12-06 0840414d4c [BUGFIX] Allow <figure> tag outside of paragraph tags (thanks to Benni Mack)
- 2022-12-05 bce091f4dc [TASK] Upgrade to typo3/html-sanitizer v2.1.0 (thanks to Oliver Hader)
- 2022-12-03 961e6291db [BUGFIX] Allow search terms with large special chars (thanks to Tomas Norre Mikkelsen)
- 2022-12-01 f02f02bc0a [BUGFIX] uft8 encode text to allow special chars in PDF metadata (thanks to Tomas Norre Mikkelsen)
- 2022-11-12 5f02be93ff [BUGFIX] Update moment* packages (thanks to Andreas Fernandez)
- 2022-11-02 bcae924d9e [BUGFIX] Properly encode error messages in FileController (thanks to Oliver Hader)
- 2022-10-19 7e747470fd [BUGFIX] Cover multi-value properties in form editor with HMAC (thanks to Oliver Hader)
- 2022-10-14 5ddc64055f [TASK] Add .gitignore for JetBrains Fleet editor (thanks to Stefan Bürk)
- 2022-09-16 c5e1078a73 [TASK] Remove wrong doc comments in \TYPO3\CMS\Core\Database\Connection (thanks to Torben Hansen)
- 2022-09-16 65580b5a36 [TASK] Allow flushing the makeInstance class name caches for testing (thanks to Oliver Klee)
- 2022-09-13 dd0c7dbb49 [TASK] Set TYPO3 version to 10.4.33-dev (thanks to Oliver Hader)