TYPO3 11.1.1

Release Notes

Version 11.1.1

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2020-12-22 until 2024-10-31.
Extend your support now until 2027-10-31 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 11.1.1

This document contains information about TYPO3 CMS 11.1.1 which was released on 16.03.2021.

Get TYPO3 11.1.1 now

Checksums of TYPO3 11.1.1

SHA256

dd447d818648788537e6caa42010473c0990786b2cc9b390c785930ff08cadb2 typo3_src-11.1.1.tar.gz
2ee446ed37baecd876287a3ca276430c56373641475df2bffb6cdf635d91a7d6 typo3_src-11.1.1.zip

SHA1

669f802901a650f25fd1d385fd7e3d5c2f829aef typo3_src-11.1.1.tar.gz
12abbbffad89b525255f1a765f383db65e179c32 typo3_src-11.1.1.zip

MD5

f1f1b035bf7c5b8ea0a9c7766f747cdf typo3_src-11.1.1.tar.gz
16612cb96054b6d6b26bf3c4627bc620 typo3_src-11.1.1.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/11.1.1/tar.gz
wget --content-disposition https://get.typo3.org/11.1.1/tar.gz.sig
gpg --verify typo3_src-11.1.1.tar.gz.sig typo3_src-11.1.1.tar.gz

Upgrading

The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

Here is a list of what was fixed since 11.1.0:

  • 2021-03-16 67471a2b5b [RELEASE] Release of TYPO3 11.1.1 (thanks to Oliver Hader)
  • 2021-03-16 33ddc49a26 [SECURITY] Mitigate XSS in PreviewRenderer for menus (thanks to Oliver Bartsch)
  • 2021-03-16 2adc071b7a [SECURITY] XSS in PreviewRenderer with descriptions (thanks to Andreas Fernandez)
  • 2021-03-16 71914e5f06 [SECURITY] Avoid storing plain session identifier in $USER->uc (thanks to Oliver Hader)
  • 2021-03-16 ba66465e00 [SECURITY] Add cache for error page handling (thanks to Frank Naegler)
  • 2021-03-16 11eb857edf [SECURITY] XSS in form creation wizard (thanks to Andreas Fernandez)
  • 2021-03-16 d9f2da3376 [SECURITY] Validate allowed values for form element editors (thanks to Ralf Zimmermann)
  • 2021-03-16 20f9a7d59d [SECURITY] Mitigate directly accessible file upload in form framework (thanks to Oliver Hader)
  • 2021-03-16 d5c16bc178 [SECURITY] Prevent urls starting with // to be used for redirects (thanks to Torben Hansen)
  • 2021-03-15 c887afe998 [TASK] Update CKEditor to 4.16.0 (thanks to Georg Ringer)
  • 2021-03-15 26a0a53ab2 [TASK] Set TYPO3 version to 11.1.1-dev (thanks to Oliver Hader)