TYPO3 12.4.11
Release Notes
Release Notes for TYPO3 CMS 12.4.11
This document contains information about TYPO3 CMS 12.4.11 which was released on 13.02.2024.
Get TYPO3 12.4.11 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2024-001
- https://typo3.org/security/advisory/typo3-core-sa-2024-002
- https://typo3.org/security/advisory/typo3-core-sa-2024-003
- https://typo3.org/security/advisory/typo3-core-sa-2024-004
- https://typo3.org/security/advisory/typo3-core-sa-2024-005
- https://typo3.org/security/advisory/typo3-core-sa-2024-006
Checksums of TYPO3 12.4.11
SHA256
a93bb3e8ceae5f00c77f985438dd948d2a33426ccfd7c2e0e5706325c43533a3 typo3_src-12.4.11.tar.gz 8e0a8eaeed082e273289f3e17318817418c38c295833a12e7f94abb2845830ee typo3_src-12.4.11.zip
SHA1
9fcecf7b0e72074b060516c22115d57dd29fd5b0 typo3_src-12.4.11.tar.gz 3606bcc9331f2875812ddafd89ccc2ddf8922b63 typo3_src-12.4.11.zip
MD5
a4fbb1da81411f350081872fe2ff2dac typo3_src-12.4.11.tar.gz c514ef9b7aad7c476fa4f36703e686fb typo3_src-12.4.11.zip
Package Signatures
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Download GPG signed release README.md file
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/12.4.11/tar.gz wget --content-disposition https://get.typo3.org/12.4.11/tar.gz.sig gpg --verify typo3_src-12.4.11.tar.gz.sig typo3_src-12.4.11.tar.gz
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 12.4.10:
- 2024-02-13 3f83ff31e7 [RELEASE] Release of TYPO3 12.4.11 (thanks to Oliver Hader)
- 2024-02-13 b47b6ddf5a [SECURITY] Deny directly modifying file abstraction layer entities (thanks to Oliver Hader)
- 2024-02-13 33f4d279b8 [SECURITY] Prevent arbitrary access to privileged resources via t3:// (thanks to Benjamin Franzke)
- 2024-02-13 df486372ea [SECURITY] Do not disclose encryptionKey via InstallTool (thanks to Benjamin Franzke)
- 2024-02-13 cafc5af7fd [SECURITY] Avoid showing password hashes in backend edit forms (thanks to Oliver Hader)
- 2024-02-13 6cc11761b8 [SECURITY] Prevent RCE via install tool settings (thanks to Benjamin Franzke)
- 2024-02-13 78fb9287a2 [!!!][SECURITY] Enforce absolute path checks in FAL local driver (thanks to Oliver Hader)
- 2024-02-13 e72b7c6cfd [BUGFIX] Avoid autocompletion in TCA type password (thanks to Benjamin Franzke)
- 2024-02-13 6a1832a47b [TASK] Update
phpstan/phpstan
version (thanks to Stefan Bürk) - 2024-02-12 cecb6ae613 [TASK] Update composer/composer to most recent version (thanks to Oliver Hader)
- 2024-02-12 df0fb93219 [BUGFIX] Fix list view functionality in FileList (thanks to Oliver Bartsch)
- 2024-02-12 a97cc7367e [DOCS] Document how to replace a linktype (thanks to Sybille Peters)
- 2024-02-11 70236e534e [BUGFIX] Also fetch outdated extensions in extensionmanager (thanks to Oliver Bartsch)
- 2024-02-11 7596d9cd25 [BUGFIX] Wrong language labels in StandardContentPreviewRenderer (thanks to Torben Hansen)
- 2024-02-10 4e0ee131a4 [BUGFIX] Avoid static calls to LogDataTrait::formatLogDetails (thanks to Oliver Hader)
- 2024-02-10 9d64aed5ae [TASK] Update container image versions (thanks to Stefan Bürk)
- 2024-02-09 09a8aa2344 [BUGFIX] Mitigate a TypeError in
StandardContentPreviewRenderer
(thanks to Yann) - 2024-02-09 314796a0b4 [BUGFIX] Handle record export and download options individually (thanks to Oliver Bartsch)
- 2024-02-09 ed7ab690bc [BUGFIX] Properly use file name argument in locallang label (thanks to Oliver Bartsch)
- 2024-02-09 484796b644 [TASK] Replace former extension packages using self.version (thanks to Thomas Hohn)
- 2024-02-09 0e26556d1c [BUGFIX] Install Tool: Re-enable modal actions after execution (thanks to Andreas Kienast)
- 2024-02-09 de2856d0e3 [TASK] Update
sortablejs
(thanks to Andreas Kienast) - 2024-02-09 916bf8fd87 [BUGFIX] Properly resolve GET parameter
id
(thanks to Benni Mack) - 2024-02-08 e02e8ef2ac [TASK] Fix acceptence tests window size with php-webdriver 1.15 (thanks to Benjamin Kott)
- 2024-02-07 bf7bb9061b [BUGFIX] Undefined array index for TCA without ctrl (thanks to Simon Schaufelberger)
- 2024-02-07 f99e80b59d [TASK] Add
composer
dispatcher torunTests.sh
(thanks to Stefan Bürk) - 2024-02-07 9a6f1227e3 [TASK] Use correct global cache key for gitlab workflows (thanks to Stefan Bürk)
- 2024-02-07 0dec20ea84 [TASK] Update
sass
(thanks to Andreas Kienast) - 2024-02-06 dfa3a35d40 [BUGFIX] Reverse rootline for PageLayoutResolver calls (thanks to Dimitri König)
- 2024-02-06 ff1931a747 [TASK] Update
doctrine/dbal:^3.8.1
(thanks to Stefan Bürk) - 2024-02-06 d58280d266 [BUGFIX] Fix typo in
Random::DEFAULT_PASSWORD_LENGTH
constant (thanks to Andreas Kienast) - 2024-02-05 44cf6313b9 [TASK] Drop unneeded TYPO3 version from package.json (thanks to Andreas Kienast)
- 2024-02-05 08fb17122d [BUGFIX] Add fake TS setup in admin panel for fluid (thanks to Benni Mack)
- 2024-02-05 7852f1adff [BUGFIX] Omit click menu on icons in
browse
mode (thanks to Oliver Bartsch) - 2024-02-05 ae40f5a518 [TASK] Add missing MySQL Server versions to
runTests.sh
(thanks to Stefan Bürk) - 2024-02-04 bedbe0df6a [TASK] Update
lit
packages (thanks to Andreas Kienast) - 2024-02-03 f89ac74c01 [TASK] Update locales translation files (thanks to Stefan Bürk)
- 2024-02-03 f9e891109b [BUGFIX] Ensure extended
XliffFileDumper::dump()
is compatible (thanks to Stefan Bürk) - 2024-02-02 04f20417f2 [TASK] Update
codemirror
and friends (thanks to Andreas Kienast) - 2024-02-02 9a5b9ec410 [DOCS] Remove outdated number from logicalAnd() and logicalOr() PHPdoc (thanks to Albrecht Köhnlein)
- 2024-02-02 5b18ef1b7b [TASK] Use
podman
beforedocker
inBuild/Scripts/runTests.sh
(thanks to Stefan Bürk) - 2024-02-01 5d8f78f36b [BUGFIX] Do not force 5 records in list view (thanks to Oliver Bartsch)
- 2024-02-01 120f3eb621 [TASK] Update testing-framework (thanks to Stefan Bürk)
- 2024-02-01 3132d3d025 [BUGFIX] Prevent exception in TranslateViewHelper for modules without short description (thanks to Albrecht Köhnlein)
- 2024-01-31 4971b10094 [TASK] Unblock argument passing in
Build/Scripts/runTests.sh
(thanks to Stefan Bürk) - 2024-01-31 7629b20a75 [BUGFIX] Reset array keys after filtering available languages (thanks to Oliver Bartsch)
- 2024-01-31 0cb86f3123 [BUGFIX] Change file extension separator in element browser string (thanks to Oliver Bartsch)
- 2024-01-31 22db97b11d [BUGFIX] Prevent memory leak when fetching a lot of database records (thanks to Sascha Nowak)
- 2024-01-31 6ea7205403 [DOCS] Remove index page from changelogs (thanks to Chris Müller)
- 2024-01-30 6dddf1a45e [BUGFIX] Prevent side effects in rst extension scanner tags check (thanks to Oliver Bartsch)
- 2024-01-30 0f7d58fa8f [BUGFIX] Prevent empty categories in NewContentElementWizard (thanks to Oliver Bartsch)
- 2024-01-29 c50449f299 [BUGFIX] Indexed Search: Pass
freeIndexUid
topageBrowsing
ViewHelper (thanks to Andreas Kienast) - 2024-01-28 9dcaf06463 [TASK] Improve type annotations for (Lazy)ObjectStorage (thanks to Oliver Klee)
- 2024-01-28 c5906d7b53 [DOCS] Add link to hooks on "Concepts > Frontend rendering" page (EXT:form) (thanks to Chris Müller)
- 2024-01-28 fd84049ba3 [BUGFIX] Add missing type in annotation for GU::implodeAttributes (thanks to Oliver Klee)
- 2024-01-26 d74fb73e3e [TASK] Improve Install Tool UX for first-time users (thanks to Mathias Bolt Lesniak)
- 2024-01-25 b305873ff2 [BUGFIX] Do not resolve resource paths in EXT:form (thanks to Peter Kraume)
- 2024-01-25 62563f5b3c [TASK] Update PHPStan and friends (thanks to Stefan Bürk)
- 2024-01-24 e0c694aa54 [BUGFIX] Add suggestion for EXT:lowlevel to EXT:form (thanks to Oliver Bartsch)
- 2024-01-24 59c8cd7104 [BUGFIX] Indexed Search: Only write internal log if
debugMode
is enabled (thanks to Andreas Kienast) - 2024-01-23 4cf89797a0 [DOCS] Improve output of *rootPaths examples (thanks to Simon Praetorius)
- 2024-01-23 63aa695585 [BUGFIX] Fix type annotations in extbase Annotation classes (thanks to Oliver Klee)
- 2024-01-23 1e340c04a1 [DOCS] Fix BeforeRequestTokenProcessedEvent code example (thanks to Torben Hansen)
- 2024-01-23 a8bde286ee [TASK] Update to CKEditor5 v41 (thanks to Benjamin Franzke)
- 2024-01-23 f0bcfbc703 [TASK] Add stored page id to LiveSearch search demand (thanks to Andreas Kienast)
- 2024-01-22 d356b2d309 [BUGFIX] Typoscript ">" operator removes too much (thanks to Christian Kuhn)
- 2024-01-22 70b7bc1982 [BUGFIX] Use matching site in extbase BE modules (thanks to Christian Kuhn)
- 2024-01-22 ad54ae83d0 [DOCS] Fixes PHP syntax in snippet (thanks to Julian Hofmann)
- 2024-01-22 b894818768 [TASK] Update container image versions (thanks to Stefan Bürk)
- 2024-01-21 e914e7fbe6 [DOCS] Added note to ext:felogin redirect modes (thanks to Torben Hansen)
- 2024-01-21 5ec4b642f5 [BUGFIX] Fix page input of recordlist pagination (thanks to Oliver Bartsch)
- 2024-01-20 0e0a9fac06 [TASK] Ensure unique values in filemounts permissions (thanks to Marcin Sągol)
- 2024-01-19 566c6d602d [TASK] Sort table and field list in DB Check module by labels (thanks to Marcin Sągol)
- 2024-01-18 7a9cfb2bb9 [BUGFIX] Restore
Controller
PHP attribute (thanks to Oliver Bartsch) - 2024-01-18 39cf571615 [BUGFIX] Ensure table wizard connected callback has access to textarea (thanks to Benjamin Franzke)
- 2024-01-18 5c296a4560 [BUGFIX] Prevent type error on static route (thanks to linawolf)
- 2024-01-16 9fcbdad4a2 [BUGFIX] Use correct check and fallback type for plugin itemGroups resolving (thanks to Oliver Bartsch)
- 2024-01-16 c73f57ae58 [TASK] Set TYPO3 version to 12.4.11-dev (thanks to Oliver Hader)