TYPO3 11.5.49 ELTS
Release Notes
Stay secure and up-to-date with TYPO3 ELTS!
The TYPO3 CMS community supported from 2020-12-22
until 2024-10-31.
Extend your support now until 2027-10-31 to
get access to the latest security and compatibility updates for this version.
Release Notes for TYPO3 CMS 11.5.49
This document contains information about TYPO3 CMS 11.5.49 which was released on 13.01.2026.
Get TYPO3 11.5.49 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2026-001
- https://typo3.org/security/advisory/typo3-core-sa-2026-002
- https://typo3.org/security/advisory/typo3-core-sa-2026-003
- https://typo3.org/security/advisory/typo3-core-sa-2026-004
Checksums of TYPO3 11.5.49
SHA256
4c46552301748908df07de92714f3f58096cca0b9b03fbf19fdac872255e9db1 typo3_src-11.5.49.tar.gz ac5cb8df62a93ed3955e81d4def931419f01f4dd742f370e432691ee5ae43ff0 typo3_src-11.5.49.zip
SHA1
a1ea02d69fa77ec81207e774ca04cb0b79525eaf typo3_src-11.5.49.tar.gz a53470e6990e7f017c0e6fbbfa39f126cf0054f2 typo3_src-11.5.49.zip
MD5
d41d8cd98f00b204e9800998ecf8427e typo3_src-11.5.49.tar.gz d41d8cd98f00b204e9800998ecf8427e typo3_src-11.5.49.zip
Package Signatures
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 11.5.48:
- 2026-01-13 0d27fd3307 [RELEASE] Release of TYPO3 11.5.49 (thanks to Andreas Kienast)
- 2026-01-13 f5c5b41d92 [SECURITY] Harden message deserialization in
FileSpooltransport (thanks to Elias Häußler) - 2026-01-13 07f5ad9cf6 [SECURITY] Avoid record deletion without permissions in recycler module (thanks to Elias Häußler)
- 2026-01-13 a30b07025b [SECURITY] Prevent unauthorized access to resources in redirects module (thanks to Elias Häußler)
- 2026-01-13 ad9bc05196 [SECURITY] Ensure defVals adhere to permissions checks (thanks to Benjamin Franzke)
- 2026-01-13 a1292b6a98 [BUGFIX] Skip consistency checks in ResourceStorage::addUploadedFile (thanks to Oliver Hader)
- 2026-01-13 fae2394c23 [BUGFIX] Allow file abstraction layer to process uppercase file names (thanks to Oliver Hader)
- 2026-01-13 23806e9efb [BUGFIX] Assure working redirect on discarded extension upload (thanks to Elias Häußler)
- 2026-01-07 661ab6ea88 [TASK] Migrate deprecated php-cs-fixer rules (thanks to Andreas Kienast)
- 2025-12-02 b905a8470a [TASK] Fix acceptance test execution in chrome (thanks to Benjamin Franzke)
- 2025-12-02 3048ff5502 [TASK] Update testing PHP images (thanks to Benjamin Franzke)
- 2025-12-02 434fd66696 [TASK] Fix CGL (thanks to Benjamin Franzke)
- 2025-09-09 47cbded458 [TASK] Set TYPO3 version to 11.5.49-dev (thanks to Andreas Kienast)