TYPO3 11.5.20
Release Notes
Release Notes for TYPO3 CMS 11.5.20
This document contains information about TYPO3 CMS 11.5.20 which was released on 13.12.2022.
Get TYPO3 11.5.20 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2022-012
- https://typo3.org/security/advisory/typo3-core-sa-2022-013
- https://typo3.org/security/advisory/typo3-core-sa-2022-014
- https://typo3.org/security/advisory/typo3-core-sa-2022-015
- https://typo3.org/security/advisory/typo3-core-sa-2022-016
- https://typo3.org/security/advisory/typo3-core-sa-2022-017
Checksums of TYPO3 11.5.20
SHA256
14bcd4012322ebf5a9da7241821e0fc40c8e91ab5f283709de96300c7940c439 typo3_src-11.5.20.tar.gz ad11d45b7eae08f48ec23716185e946ea4f8c59cb46bd81dba63412e6547c92f typo3_src-11.5.20.zip
SHA1
e68d12ea6dc1c164eb4ee3973f13a6e698acbc66 typo3_src-11.5.20.tar.gz ca7303c900e85804e7741f7860a578e0b6bf05f1 typo3_src-11.5.20.zip
MD5
bb161a085b756740790e161778cdd4e0 typo3_src-11.5.20.tar.gz b1bc75357026f6827e58b7141a257bb4 typo3_src-11.5.20.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 11.5.19:
- 2022-12-13 7dd798416c [RELEASE] Release of TYPO3 11.5.20 (thanks to Oliver Hader)
- 2022-12-13 f34511b764 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.1 (thanks to Oliver Hader)
- 2022-12-13 e271621f62 [SECURITY] Disallow introducing Yaml placeholders in user interface (thanks to Oliver Hader)
- 2022-12-13 fb74f1d668 [SECURITY] Prohibit TypoScript in form yaml files (thanks to waldhacker)
- 2022-12-13 4a41c71b8c [SECURITY] Destroy user sessions on password change (thanks to Torben Hansen)
- 2022-12-13 640a6f6285 [SECURITY] Use signed storage PID during frontend authentication (thanks to Oliver Hader)
- 2022-12-13 1e5f44417f [SECURITY] Avoid DoS when generating Error pages (thanks to Benni Mack)
- 2022-12-13 6c6f137e28 [TASK] Add HTTP host header injection check to reports module (thanks to Oliver Hader)
- 2022-12-13 22d777eb51 [BUGFIX] Avoid double UTF-8 encoded PDF metadata in file indexer (thanks to Benjamin Franzke)
- 2022-12-13 42271d9b30 [DOCS] Add example for hook modifyBlindedConfigurationOptions (thanks to Stephan Großberndt)
- 2022-12-09 c4c07fbf11 [DOCS] Fix links of "Edit on GitHub" button (thanks to Chris Müller)
- 2022-12-07 2aa2206cd2 [BUGFIX] Avoid exceptions / PHP 8 error with empty list_type (thanks to Benni Mack)
- 2022-12-07 1c2e12653d [BUGFIX] Fix addService PHP 8 warning (thanks to Benni Mack)
- 2022-12-07 5488994d9d [TASK] Introduce string fragment extraction (thanks to Oliver Hader)
- 2022-12-06 3402b30553 [BUGFIX] Cast integer values in Fluid ViewHelpers (thanks to Achim Fritz)
- 2022-12-06 cc19dbddcd [BUGFIX] Add figure tag to external blocks in rte parsing (thanks to Benjamin Kott)
- 2022-12-06 96846de7f4 [BUGFIX] Allow <figure> tag outside of paragraph tags (thanks to Benni Mack)
- 2022-12-05 e537029c0e [BUGFIX] Ensure correct page-section cache identifier calculation (thanks to Stefan Bürk)
- 2022-12-05 4e884800da [TASK] Upgrade to typo3/html-sanitizer v2.1.0 (thanks to Oliver Hader)
- 2022-12-05 5202467549 [TASK] Display language label keys in configuration module (thanks to Oliver Bartsch)
- 2022-12-03 662b4b5179 [BUGFIX] Allow search terms with large special chars (thanks to Tomas Norre Mikkelsen)
- 2022-12-02 48a379e8d1 [TASK] Update guzzle components (thanks to Benni Mack)
- 2022-12-01 312ed402dd [BUGFIX] uft8 encode text to allow special chars in PDF metadata (thanks to Tomas Norre Mikkelsen)
- 2022-12-01 dc0ad26929 [TASK] Extend testing range to PHP8.2 with more dbms versions (thanks to Stefan Bürk)
- 2022-11-28 6f7b297844 [BUGFIX] Cover invalid type
db
input in ContentObjectRenderer->getData (thanks to Nikita Hovratov) - 2022-11-27 2d7ad4cd51 [BUGFIX] Avoid undefined array key warning in LanguageService (thanks to Stefan Bürk)
- 2022-11-25 fee58b6403 [TASK] AdminPanel: Group sql queries made by PageRepository (thanks to Christoph Lehmann)
- 2022-11-25 e5bc0eabe6 [BUGFIX] Close shortcut menu when opening an entry (thanks to Andreas Fernandez)
- 2022-11-23 2474d169db [BUGFIX] Avoid undefined array key access in LanguageMenuProcessor (thanks to J. Peter M. Schuler)
- 2022-11-23 6ce2949466 [BUGFIX] Avoid undefined array keys in Indexer (thanks to Chris Müller)
- 2022-11-23 fa7b0589dc [BUGFIX] Avoid undefined array key in AbstractPlugin::pi_exec_query (thanks to J. Peter M. Schuler)
- 2022-11-23 e389a171a2 [BUGFIX] Avoid undefined array key in ContentObjectRenderer::parseFuncInternal (thanks to J. Peter M. Schuler)
- 2022-11-22 9d27452950 [BUGFIX] Avoid undefined array key in ContentObjectRenderer:noTrimWrap (thanks to J. Peter M. Schuler)
- 2022-11-22 f640747470 [BUGFIX] Use correct ordering of nl2br & htmlspecialchars (thanks to Georg Ringer)
- 2022-11-22 550c250fb3 [BUGFIX] Recover felogin password recovery functionality (thanks to Markus Klein)
- 2022-11-21 8b3eb1ac9a [BUGFIX] Prevent PHP 8.1 runtime deprecation notice in IconRegistry (thanks to Nikita Hovratov)
- 2022-11-20 4853855619 [TASK] Remove a useless WorkspaceService test (thanks to Christian Kuhn)
- 2022-11-20 2796a33502 [BUGFIX] Fix variable assignment of default duplication behaviour action (thanks to Oliver Bartsch)
- 2022-11-19 3250cf9f07 [BUGFIX] Make file processing configuration serializable (thanks to Roman Büchler)
- 2022-11-19 0674795a54 [TASK] Improve type annotations in Extbase\Annotation classes (thanks to Oliver Klee)
- 2022-11-19 256ddbf345 [TASK] Improve type annotations for GU::locationHeaderUrl (thanks to Oliver Klee)
- 2022-11-19 df4b99a1dc [BUGFIX] Avoid undefined array key in ContentObjectRenderer::stdWrap (thanks to J. Peter M. Schuler)
- 2022-11-19 5a538b8e49 [BUGFIX] Avoid undef array key in ContentObjectRenderer (thanks to Christian Kuhn)
- 2022-11-18 82780ade8c [BUGFIX] Do not mark the FAL-related Extbase models as internal anymore (thanks to Oliver Klee)
- 2022-11-17 894928ddfd [BUGFIX] Avoid accessing null-row (thanks to Ingo Fabbri)
- 2022-11-17 0ca57511ca [TASK] Make action name in ActionController::redirect/forward nullable (thanks to Oliver Klee)
- 2022-11-17 a871015a7b [BUGFIX] Avoid undefined array key "title" in BackendUtility (thanks to Matthias Vogel)
- 2022-11-17 399da67456 [TASK] Annotate ActionController methods that never return (thanks to Oliver Klee)
- 2022-11-16 8eb18654af [BUGFIX] Avoid undefined array key "pointer." in AbstractPlugin (thanks to J. Peter M. Schuler)
- 2022-11-16 9004231dba [BUGFIX] Avoid undefined array key in AbstractPlugin pi_isOnlyFields (thanks to J. Peter M. Schuler)
- 2022-11-15 e11b2cce25 [TASK] Streamline TYPO3\CMS\Core\Utility\ArrayUtility::filterRecursive (thanks to Oliver Hader)
- 2022-11-15 7ab385466e [BUGFIX] Avoid undefined array key "parent." in AbstractPlugin (thanks to Chris Müller)
- 2022-11-15 9f4b0554c9 [BUGFIX] Localize plugin names in EXT:indexed_search and EXT:form (thanks to Chris Müller)
- 2022-11-15 b281a4be73 [TASK] Set TYPO3 version to 11.5.20-dev (thanks to Benni Mack)