TYPO3 11.5.35

Release Notes

Version 11.5.35

Release Notes for TYPO3 CMS 11.5.35

This document contains information about TYPO3 CMS 11.5.35 which was released on 13.02.2024.

Get TYPO3 11.5.35 now

Checksums of TYPO3 11.5.35


fae368c71fe744b4539e44a12776db6e5a634e59d01a1c7eac69c7ceb58b9e86 typo3_src-11.5.35.tar.gz
f4f11c68dced8bb59383837f4302e014136a16c21a9978a7f43264108dc2abbd typo3_src-11.5.35.zip


103805ce100dfe804e70793df4f0b11bd43bad1f typo3_src-11.5.35.tar.gz
37f6f0311e5436f53bb28d8121a48f50a8a7ae18 typo3_src-11.5.35.zip


2b01ad7d88999cd19037fecad44666f5 typo3_src-11.5.35.tar.gz
18a72b3a5106c7749e7e4c0eed969484 typo3_src-11.5.35.zip


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since 11.5.34:

  • 2024-02-13 7cd2396f0b [RELEASE] Release of TYPO3 11.5.35 (thanks to Oliver Hader)
  • 2024-02-13 71e652bf84 [SECURITY] Deny directly modifying file abstraction layer entities (thanks to Oliver Hader)
  • 2024-02-13 2de87ff113 [SECURITY] Prevent arbitrary access to privileged resources via t3:// (thanks to Benjamin Franzke)
  • 2024-02-13 fa12667c04 [SECURITY] Do not disclose encryptionKey via InstallTool (thanks to Benjamin Franzke)
  • 2024-02-13 c7a135c25a [SECURITY] Avoid showing password hashes in backend edit forms (thanks to Oliver Hader)
  • 2024-02-13 84e07e35b8 [SECURITY] Prevent RCE via install tool settings (thanks to Benjamin Franzke)
  • 2024-02-13 accf537c73 [!!!][SECURITY] Enforce absolute path checks in FAL local driver (thanks to Oliver Hader)
  • 2024-02-12 3f3ae9e03d [TASK] Update composer/composer to most recent version (thanks to Oliver Hader)
  • 2024-02-11 c9bcd0a431 [BUGFIX] Also fetch outdated extensions in extensionmanager (thanks to Oliver Bartsch)
  • 2024-02-10 3301010425 [BUGFIX] Avoid static calls to LogDataTrait::formatLogDetails (thanks to Oliver Hader)
  • 2024-02-10 1765efd069 [TASK] Update container image versions (thanks to Stefan Bürk)
  • 2024-02-09 fe1cdae9f8 [BUGFIX] Mitigate a TypeError in StandardContentPreviewRenderer (thanks to Yann)
  • 2024-02-09 1487caf2b7 [TASK] Replace former extension packages using self.version (thanks to Thomas Hohn)
  • 2024-02-08 d8ffdf0e6c [BUGFIX] Copy metadata on copy file (thanks to Oliver Bartsch)
  • 2024-02-07 bd4f2f4850 [BUGFIX] Undefined array index for TCA without ctrl (thanks to Simon Schaufelberger)
  • 2024-02-07 f535b30f9e [TASK] Add composer dispatcher to runTests.sh (thanks to Stefan Bürk)
  • 2024-02-05 df0a0d0742 [TASK] Add missing MySQL Server versions to runTests.sh (thanks to Stefan Bürk)
  • 2024-02-03 68a963c02c [BUGFIX] Allow linking to records that are set to All Languages (thanks to Benni Mack)
  • 2024-02-02 15d2369bab [TASK] Use podman before docker in Build/Scripts/runTests.sh (thanks to Stefan Bürk)
  • 2024-01-31 975aab1f50 [TASK] Unblock argument passing in Build/Scripts/runTests.sh (thanks to Stefan Bürk)
  • 2024-01-31 796e8f6c2f [BUGFIX] Prevent memory leak when fetching a lot of database records (thanks to Sascha Nowak)
  • 2024-01-30 cc1d3ebf30 [BUGFIX] Prevent side effects in rst extension scanner tags check (thanks to Oliver Bartsch)
  • 2024-01-29 dfb80fbaf4 [BUGFIX] Indexed Search: Pass freeIndexUid to pageBrowsing ViewHelper (thanks to Andreas Kienast)
  • 2024-01-25 e9b3f69a1d [BUGFIX] Do not resolve resource paths in EXT:form (thanks to Peter Kraume)
  • 2024-01-22 63292d4ca3 [TASK] Update container image versions (thanks to Stefan Bürk)
  • 2024-01-16 f9eee0fa6e [TASK] Set TYPO3 version to 11.5.35-dev (thanks to Oliver Hader)