TYPO3 10.4.57 ELTS

Release Notes

Version 10.4.57 ELTS

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2020-04-21 until 2023-04-30.
Extend your support now until 2027-04-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 10.4.57

This document contains information about TYPO3 CMS 10.4.57 which was released on 09.06.2026.

Get TYPO3 10.4.57 now

Checksums of TYPO3 10.4.57

SHA256

29f07259aa7ce6d4495823b6fa92c8bd736c8410b998d9c8e6c1fb8c101bc1fb typo3_src-10.4.57.tar.gz
98de4f1fe6ac44a5d2205ab2e10f6d52d6a2326a0532ed5a656ca1bcc94326db typo3_src-10.4.57.zip

SHA1

2d2f947f88212f543befc959909b616416e85c2f typo3_src-10.4.57.tar.gz
2d276c58622365c4170192f0ce6f76cb70bb0802 typo3_src-10.4.57.zip

MD5

d41d8cd98f00b204e9800998ecf8427e typo3_src-10.4.57.tar.gz
d41d8cd98f00b204e9800998ecf8427e typo3_src-10.4.57.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Upgrading

The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

Here is a list of what was fixed since 10.4.56:

  • 2026-06-09 f6489f9212 [RELEASE] Release of TYPO3 10.4.57 (thanks to Andreas Kienast)
  • 2026-06-09 5ebd307d86 [SECURITY] Mitigate deserialization flaws (thanks to Oliver Hader)
  • 2026-06-09 d5deb878cf [TASK] Extract DeserializationService from PolymorphicDeserializer (thanks to Oliver Hader)
  • 2026-06-09 d60acc4fe7 [TASK] Speed up PolymorphicDeserializer::parseClassNames() (thanks to Oliver Hader)
  • 2026-06-09 546bda2046 [TASK] Streamline test cases (thanks to Oliver Hader)
  • 2026-06-09 d2e85c444c [SECURITY] Properly evaluate .form.yaml file extension (thanks to Oliver Hader)
  • 2026-06-09 054cdecdd5 [SECURITY] Check file permissions before showing meta data (thanks to Oliver Hader)
  • 2026-06-09 73dfe4d4ee [SECURITY] Fix path prefix confusion in isAllowedAbsPath (thanks to Oliver Hader)
  • 2026-06-09 ad2cf2f728 [SECURITY] Check record/file access when adding records to clipboard (thanks to Elias Häußler)
  • 2026-06-09 aa4da25bbe [SECURITY] Fix open redirection in GeneralUtility::sanitizeLocalUrl (thanks to Benjamin Franzke)
  • 2026-06-09 791c28df95 [SECURITY] Validate permissions on record undelete (thanks to Elias Häußler)
  • 2026-06-09 1ad3d38f5a [SECURITY] Properly detect .form.yaml suffixes in resource layer (thanks to Oliver Hader)
  • 2026-06-09 655fa8282d [SECURITY] Deny destructive write actions on mount folders (thanks to Elias Häußler)
  • 2026-06-09 77efbd1071 [SECURITY] Raise typo3/html-sanitizer to v2.3.2 (thanks to Oliver Hader)
  • 2026-06-09 7beaa99098 [BUGFIX] Drop f:format.raw on SiteConfiguration returnUrl field (thanks to Oliver Hader)
  • 2026-06-09 ef509b26c3 [TASK] Flush rootline caches in ValuePickerItemDataProviderTest (thanks to Benjamin Franzke)
  • 2026-06-08 4844353d11 [TASK] Update all Symfony packages (thanks to Andreas Kienast)
  • 2026-05-11 40618883e1 [TASK] Normalize backslashes in ZipService::verify() (thanks to Oliver Hader)
  • 2026-05-11 790c31b05b [TASK] Flush rootline caches in RedirectRepositoryTest (thanks to Andreas Kienast)
  • 2026-05-11 3d59467335 [TASK] Raise expired timestamps in acceptance test fixtures (thanks to Benjamin Franzke)
  • 2026-05-11 dfaef67d4e [TASK] Fix acceptance tests (thanks to Andreas Kienast)
  • 2026-04-22 2f13ff8458 [BUGFIX] Fix url check in GeneralUtility::sanitizeLocalUrl (thanks to Thomas Hohn)
  • 2026-01-20 ea31a823f9 [TASK] Set TYPO3 version to 10.4.57-dev (thanks to Andreas Kienast)