TYPO3 10.4.33

Release Notes

Version 10.4.33

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2020-04-21 until 2023-04-30.
Extend your support now until 2026-04-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 10.4.33

This document contains information about TYPO3 CMS 10.4.33 which was released on 13.12.2022.

Get TYPO3 10.4.33 now

Checksums of TYPO3 10.4.33


5eaaaa808dffebc95cead6ac07506fed79831716168460abcea6e000841f8bdb typo3_src-10.4.33.tar.gz
21bca3ce2b446d9752b9f2a9ea5e0561f9b816b8f54ea81362ea392c0db3e89e typo3_src-10.4.33.zip


3dcd407eed9c069d630a37f831b741fe59d016ad typo3_src-10.4.33.tar.gz
202d9a9c7003a189fa762023215160647d1b2779 typo3_src-10.4.33.zip


d9372e30d524a0cdddda8b2f41fe26b5 typo3_src-10.4.33.tar.gz
5e1824656306fd7999125e21d171f58a typo3_src-10.4.33.zip


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since 10.4.32:

  • 2022-12-13 8a90081d01 [RELEASE] Release of TYPO3 10.4.33 (thanks to Oliver Hader)
  • 2022-12-13 c86cfb3e78 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.1 (thanks to Oliver Hader)
  • 2022-12-13 091735d637 [SECURITY] Disallow introducing Yaml placeholders in user interface (thanks to Oliver Hader)
  • 2022-12-13 edf344bfdf [SECURITY] Prohibit TypoScript in form yaml files (thanks to waldhacker)
  • 2022-12-13 4ad509273a [SECURITY] Destroy user sessions on password change (thanks to Torben Hansen)
  • 2022-12-13 96ed3e627f [SECURITY] Use signed storage PID during frontend authentication (thanks to Oliver Hader)
  • 2022-12-13 73b46b6a62 [SECURITY] Avoid DoS when generating Error pages (thanks to Benni Mack)
  • 2022-12-13 5e3e54d25c [TASK] Add HTTP host header injection check to reports module (thanks to Oliver Hader)
  • 2022-12-13 a136e6b7a1 [BUGFIX] Avoid double UTF-8 encoded PDF metadata in file indexer (thanks to Benjamin Franzke)
  • 2022-12-13 19e0b19582 [DOCS] Add example for hook modifyBlindedConfigurationOptions (thanks to Stephan Großberndt)
  • 2022-12-07 f1e1e0bbdd [TASK] Introduce string fragment extraction (thanks to Oliver Hader)
  • 2022-12-06 1ccf8df8c1 [BUGFIX] Add figure tag to external blocks in rte parsing (thanks to Benjamin Kott)
  • 2022-12-06 0840414d4c [BUGFIX] Allow <figure> tag outside of paragraph tags (thanks to Benni Mack)
  • 2022-12-05 bce091f4dc [TASK] Upgrade to typo3/html-sanitizer v2.1.0 (thanks to Oliver Hader)
  • 2022-12-03 961e6291db [BUGFIX] Allow search terms with large special chars (thanks to Tomas Norre Mikkelsen)
  • 2022-12-01 f02f02bc0a [BUGFIX] uft8 encode text to allow special chars in PDF metadata (thanks to Tomas Norre Mikkelsen)
  • 2022-11-12 5f02be93ff [BUGFIX] Update moment* packages (thanks to Andreas Fernandez)
  • 2022-11-02 bcae924d9e [BUGFIX] Properly encode error messages in FileController (thanks to Oliver Hader)
  • 2022-10-19 7e747470fd [BUGFIX] Cover multi-value properties in form editor with HMAC (thanks to Oliver Hader)
  • 2022-10-14 5ddc64055f [TASK] Add .gitignore for JetBrains Fleet editor (thanks to Stefan Bürk)
  • 2022-09-16 c5e1078a73 [TASK] Remove wrong doc comments in \TYPO3\CMS\Core\Database\Connection (thanks to Torben Hansen)
  • 2022-09-16 65580b5a36 [TASK] Allow flushing the makeInstance class name caches for testing (thanks to Oliver Klee)
  • 2022-09-13 dd0c7dbb49 [TASK] Set TYPO3 version to 10.4.33-dev (thanks to Oliver Hader)