TYPO3 11.5.23

Release Notes

Version 11.5.23

Release Notes for TYPO3 CMS 11.5.23

This document contains information about TYPO3 CMS 11.5.23 which was released on 07.02.2023.

Get TYPO3 11.5.23 now


This release is a combined bug fix and security release.

Find more details in the security bulletins:

Read TYPO3 11.5.23 Release News

Checksums of TYPO3 11.5.23


acac3d86a392972851cd26e3ed16568d0327cd41cbcd6ccf5174c20b06224c15 typo3_src-11.5.23.tar.gz
76737e6ed7d4d47bc83919ac9d054a1ca3015f26e36bc85d3c270739368265e4 typo3_src-11.5.23.zip


af0b6b212e1a47b4bf7ecca2b8681371cb19b18b typo3_src-11.5.23.tar.gz
590f4f93358ea05396e32d62b24f9f28eba389b8 typo3_src-11.5.23.zip


1ca5e34addbaa05570277ab3edd8c31a typo3_src-11.5.23.tar.gz
6038a5b573846f5fdec96d31a99d239b typo3_src-11.5.23.zip


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since 11.5.22:

  • 2023-02-07 03f79d4d1b [RELEASE] Release of TYPO3 11.5.23 (thanks to Oliver Hader)
  • 2023-02-07 b809408340 [SECURITY] Prevent XSS due to wrong PATH_INFO evaluation (thanks to Benjamin Franzke)
  • 2023-02-07 c008616da3 [TASK] Improve comments and readability in PageArgumentValidator (thanks to Benjamin Franzke)
  • 2023-02-07 adaa7dc03c [BUGFIX] Avoid disabling page caches when having cHash validation enforced (thanks to Oliver Hader)
  • 2023-02-06 840f8af3ea [BUGFIX] Enforce validation when no cHash is given (thanks to Benni Mack)
  • 2023-02-04 fa9a99f2f8 [TASK] Update PHP dependencies (thanks to Benni Mack)
  • 2023-02-04 031cbb66f0 [TASK] Migrate deprecated PHPUnit 9 methods (thanks to Nikita Hovratov)
  • 2023-02-03 90b8572246 [BUGFIX] Fix PHP 8 warning in ExtendedTemplateService (thanks to Thomas Hohn)
  • 2023-02-02 c5fe4ed0ab [BUGFIX] Avoid re-paints and re-layouts in page tree on drag&drop (thanks to Andreas Fernandez)
  • 2023-02-01 a7bc75b469 [BUGFIX] Fix PHP 8 warning in RootlineUtility (thanks to Thomas Hohn)
  • 2023-02-01 25c504c328 [BUGFIX] Fix PHP 8 warning in ContentObjectRenderer (thanks to Thomas Hohn)
  • 2023-02-01 eb918cff11 [TASK] Cleanup of type for sameBeginEnd in ContentObjectRenderer (thanks to Thomas Hohn)
  • 2023-01-31 ed71a0e451 [DOCS] Fix typo in argument numbers in migration section (thanks to Česlav Przywara)
  • 2023-01-30 60b87b18b7 [BUGFIX] Prevent possible null pointer exception in data processors (thanks to Oliver Bartsch)
  • 2023-01-27 df81e5c358 [TASK] Replace localization methods in PageLayoutController (thanks to Andreas Fernandez)
  • 2023-01-27 9f9fcff1d3 [BUGFIX] Respect titleLen setting for page title in page module (thanks to Oliver Bartsch)
  • 2023-01-27 6f78ef21c3 [BUGFIX] Fix PHP 8 warning in BackendUtility (thanks to Thomas Hohn)
  • 2023-01-26 031920a282 [BUGFIX] Use correct language constraint in PageLayoutController (thanks to Oliver Bartsch)
  • 2023-01-26 6ad764a4a4 [BUGFIX] Use correct object to build "copy" payload (thanks to Andreas Fernandez)
  • 2023-01-25 8ca13f87ce [BUGFIX] Set proper groups in AdminPanel (thanks to Achim Fritz)
  • 2023-01-25 089fd4c582 [BUGFIX] Fix PHP 8 warning in AbstractPlugin (thanks to Benni Mack)
  • 2023-01-25 7ddd89e605 [BUGFIX] Restore record date fields for all users (thanks to Oliver Bartsch)
  • 2023-01-24 d00b800261 [BUGFIX] Fix PHP 8 warning in ContentObjectRenderer (thanks to Thomas Hohn)
  • 2023-01-24 e83051ca96 [BUGFIX] Fix PHP 8 warning in TMENU (thanks to Benni Mack)
  • 2023-01-24 284985758e [BUGFIX] Fix undefined key warning in indexed_search (thanks to Benni Mack)
  • 2023-01-24 8e56d00426 [BUGFIX] Fix PHP warning in Recycler (thanks to Benni Mack)
  • 2023-01-24 eceec87811 [BUGFIX] Fix PHP 8 warning in TreeDataProvider (thanks to Benni Mack)
  • 2023-01-24 dde772e3ce [BUGFIX] Fix PHP 8 warning in ContentObjectRenderer (thanks to Benni Mack)
  • 2023-01-23 94a90d426c [BUGFIX] Enforce processing images stored in typo3temp (thanks to Oliver Hader)
  • 2023-01-23 55b722720d [BUGFIX] Handle disabled default language in PageContentErrorHandler (thanks to Oliver Bartsch)
  • 2023-01-23 540bdd8052 [BUGFIX] Prevent duplicate ckeditor instances when moving inline fields (thanks to Nikita Hovratov)
  • 2023-01-23 008068ba8d [BUGFIX] Fix notice in FrontendConfigurationManager (thanks to Georg Ringer)
  • 2023-01-22 151dc97832 [BUGFIX] Make http_makelinks more fault tolerant (thanks to Thomas Hohn)
  • 2023-01-20 85c8b734a9 [BUGFIX] Make SITE: placeholder work in foreign_selector (thanks to David Blatter)
  • 2023-01-20 a6af00eb99 [BUGFIX] Do not trigger setUpdateSignal in CLI (thanks to Benni Mack)
  • 2023-01-20 e3b1dd7c10 [DOCS] Add hint about relative targets in redirects (thanks to Josef Glatz)
  • 2023-01-19 b1e7db956e [BUGFIX] Prevent PHP fatal error in scheduler (thanks to linawolf)
  • 2023-01-18 fac14109df [DOCS] Add hint to HtmlViewHelper about avoiding usage in backend context (thanks to Chris Müller)
  • 2023-01-18 44fc8221d3 [BUGFIX] Avoid logging of invalid locales in site configuration (thanks to Benni Mack)
  • 2023-01-17 a0c0e57a7b [BUGFIX] Allow CSP inline styles in directly requested SVG files (thanks to Oliver Hader)
  • 2023-01-17 504abbed30 [BUGFIX] Handle absolute web paths in FormEngineUtility::getIconHtml (thanks to Nikita Hovratov)
  • 2023-01-17 4cc434ad40 [BUGFIX] Avoid undef array key in TcaRecordTitle (thanks to Christian Kuhn)
  • 2023-01-17 789a9ad651 [BUGFIX] Mute autoplayed videos (thanks to Georg Ringer)
  • 2023-01-17 69f66f64d2 [TASK] Update to PHPStan 1.9.12 (thanks to Oliver Klee)
  • 2023-01-17 cb73bb2a7f [BUGFIX] Avoid undef array key in SearchController (thanks to Christian Kuhn)
  • 2023-01-17 2b65aef1f8 [BUGFIX] Avoid undef array key in QueryGenerator (thanks to Christian Kuhn)
  • 2023-01-17 ac629148b6 [BUGFIX] Respect HTTP_REFERER for felogin redirect mode 'referer' (thanks to Torben Hansen)
  • 2023-01-16 222b86b49f [BUGFIX] Deduplicate slugs with language -1 (thanks to Sybille Peters)
  • 2023-01-16 6b6edb6ea7 [TASK] Show explain selection in DB check only for Mysql (thanks to Georg Ringer)
  • 2023-01-16 9e5cda6b7d [DOCS] Move adminpanel TypoScript into manual (thanks to linawolf)
  • 2023-01-16 35dec1645c [BUGFIX] Harden type annotations around user authentication handling (thanks to Elias Häußler)
  • 2023-01-13 8c1bba317a [BUGFIX] Save+preview respects local PageTS (thanks to Philipp Kitzberger)
  • 2023-01-12 29d4ecc1a6 [BUGFIX] Avoid double hsc() in NoneElement (thanks to Christian Kuhn)
  • 2023-01-11 439e6c29c8 [BUGFIX] Ensure that formatValue for dates/times returns a string (thanks to Markus Klein)
  • 2023-01-11 9f6adb9b6a [BUGFIX] Fix notices in QueryGenerator (thanks to Georg Ringer)
  • 2023-01-11 690ce5e42e [BUGFIX] Avoid undef array key in ContentObjectRenderer (thanks to Christian Kuhn)
  • 2023-01-11 30fa767c58 [BUGFIX] Avoid uninitialized string offset in ContentObjectRenderer (thanks to Christian Kuhn)
  • 2023-01-10 4a8fbff21b [TASK] Set TYPO3 version to 11.5.23-dev (thanks to Benni Mack)