TYPO3 12.4.11
Release Notes
Release Notes for TYPO3 CMS 12.4.11
This document contains information about TYPO3 CMS 12.4.11 which was released on 13.02.2024.
Get TYPO3 12.4.11 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2024-001
- https://typo3.org/security/advisory/typo3-core-sa-2024-002
- https://typo3.org/security/advisory/typo3-core-sa-2024-003
- https://typo3.org/security/advisory/typo3-core-sa-2024-004
- https://typo3.org/security/advisory/typo3-core-sa-2024-005
- https://typo3.org/security/advisory/typo3-core-sa-2024-006
Checksums of TYPO3 12.4.11
SHA256
a93bb3e8ceae5f00c77f985438dd948d2a33426ccfd7c2e0e5706325c43533a3 typo3_src-12.4.11.tar.gz 8e0a8eaeed082e273289f3e17318817418c38c295833a12e7f94abb2845830ee typo3_src-12.4.11.zip
SHA1
9fcecf7b0e72074b060516c22115d57dd29fd5b0 typo3_src-12.4.11.tar.gz 3606bcc9331f2875812ddafd89ccc2ddf8922b63 typo3_src-12.4.11.zip
MD5
a4fbb1da81411f350081872fe2ff2dac typo3_src-12.4.11.tar.gz c514ef9b7aad7c476fa4f36703e686fb typo3_src-12.4.11.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 12.4.10:
- 2024-02-13 3f83ff31e7 [RELEASE] Release of TYPO3 12.4.11 (thanks to Oliver Hader)
- 2024-02-13 b47b6ddf5a [SECURITY] Deny directly modifying file abstraction layer entities (thanks to Oliver Hader)
- 2024-02-13 33f4d279b8 [SECURITY] Prevent arbitrary access to privileged resources via t3:// (thanks to Benjamin Franzke)
- 2024-02-13 df486372ea [SECURITY] Do not disclose encryptionKey via InstallTool (thanks to Benjamin Franzke)
- 2024-02-13 cafc5af7fd [SECURITY] Avoid showing password hashes in backend edit forms (thanks to Oliver Hader)
- 2024-02-13 6cc11761b8 [SECURITY] Prevent RCE via install tool settings (thanks to Benjamin Franzke)
- 2024-02-13 78fb9287a2 [!!!][SECURITY] Enforce absolute path checks in FAL local driver (thanks to Oliver Hader)
- 2024-02-13 e72b7c6cfd [BUGFIX] Avoid autocompletion in TCA type password (thanks to Benjamin Franzke)
- 2024-02-13 6a1832a47b [TASK] Update
phpstan/phpstan
version (thanks to Stefan Bürk) - 2024-02-12 cecb6ae613 [TASK] Update composer/composer to most recent version (thanks to Oliver Hader)
- 2024-02-12 df0fb93219 [BUGFIX] Fix list view functionality in FileList (thanks to Oliver Bartsch)
- 2024-02-12 a97cc7367e [DOCS] Document how to replace a linktype (thanks to Sybille Peters)
- 2024-02-11 70236e534e [BUGFIX] Also fetch outdated extensions in extensionmanager (thanks to Oliver Bartsch)
- 2024-02-11 7596d9cd25 [BUGFIX] Wrong language labels in StandardContentPreviewRenderer (thanks to Torben Hansen)
- 2024-02-10 4e0ee131a4 [BUGFIX] Avoid static calls to LogDataTrait::formatLogDetails (thanks to Oliver Hader)
- 2024-02-10 9d64aed5ae [TASK] Update container image versions (thanks to Stefan Bürk)
- 2024-02-09 09a8aa2344 [BUGFIX] Mitigate a TypeError in
StandardContentPreviewRenderer
(thanks to Yann) - 2024-02-09 314796a0b4 [BUGFIX] Handle record export and download options individually (thanks to Oliver Bartsch)
- 2024-02-09 ed7ab690bc [BUGFIX] Properly use file name argument in locallang label (thanks to Oliver Bartsch)
- 2024-02-09 484796b644 [TASK] Replace former extension packages using self.version (thanks to Thomas Hohn)
- 2024-02-09 0e26556d1c [BUGFIX] Install Tool: Re-enable modal actions after execution (thanks to Andreas Kienast)
- 2024-02-09 de2856d0e3 [TASK] Update
sortablejs
(thanks to Andreas Kienast) - 2024-02-09 916bf8fd87 [BUGFIX] Properly resolve GET parameter
id
(thanks to Benni Mack) - 2024-02-08 e02e8ef2ac [TASK] Fix acceptence tests window size with php-webdriver 1.15 (thanks to Benjamin Kott)
- 2024-02-07 bf7bb9061b [BUGFIX] Undefined array index for TCA without ctrl (thanks to Simon Schaufelberger)
- 2024-02-07 f99e80b59d [TASK] Add
composer
dispatcher torunTests.sh
(thanks to Stefan Bürk) - 2024-02-07 9a6f1227e3 [TASK] Use correct global cache key for gitlab workflows (thanks to Stefan Bürk)
- 2024-02-07 0dec20ea84 [TASK] Update
sass
(thanks to Andreas Kienast) - 2024-02-06 dfa3a35d40 [BUGFIX] Reverse rootline for PageLayoutResolver calls (thanks to Dimitri König)
- 2024-02-06 ff1931a747 [TASK] Update
doctrine/dbal:^3.8.1
(thanks to Stefan Bürk) - 2024-02-06 d58280d266 [BUGFIX] Fix typo in
Random::DEFAULT_PASSWORD_LENGTH
constant (thanks to Andreas Kienast) - 2024-02-05 44cf6313b9 [TASK] Drop unneeded TYPO3 version from package.json (thanks to Andreas Kienast)
- 2024-02-05 08fb17122d [BUGFIX] Add fake TS setup in admin panel for fluid (thanks to Benni Mack)
- 2024-02-05 7852f1adff [BUGFIX] Omit click menu on icons in
browse
mode (thanks to Oliver Bartsch) - 2024-02-05 ae40f5a518 [TASK] Add missing MySQL Server versions to
runTests.sh
(thanks to Stefan Bürk) - 2024-02-04 bedbe0df6a [TASK] Update
lit
packages (thanks to Andreas Kienast) - 2024-02-03 f89ac74c01 [TASK] Update locales translation files (thanks to Stefan Bürk)
- 2024-02-03 f9e891109b [BUGFIX] Ensure extended
XliffFileDumper::dump()
is compatible (thanks to Stefan Bürk) - 2024-02-02 04f20417f2 [TASK] Update
codemirror
and friends (thanks to Andreas Kienast) - 2024-02-02 9a5b9ec410 [DOCS] Remove outdated number from logicalAnd() and logicalOr() PHPdoc (thanks to Albrecht Köhnlein)
- 2024-02-02 5b18ef1b7b [TASK] Use
podman
beforedocker
inBuild/Scripts/runTests.sh
(thanks to Stefan Bürk) - 2024-02-01 5d8f78f36b [BUGFIX] Do not force 5 records in list view (thanks to Oliver Bartsch)
- 2024-02-01 120f3eb621 [TASK] Update testing-framework (thanks to Stefan Bürk)
- 2024-02-01 3132d3d025 [BUGFIX] Prevent exception in TranslateViewHelper for modules without short description (thanks to Albrecht Köhnlein)
- 2024-01-31 4971b10094 [TASK] Unblock argument passing in
Build/Scripts/runTests.sh
(thanks to Stefan Bürk) - 2024-01-31 7629b20a75 [BUGFIX] Reset array keys after filtering available languages (thanks to Oliver Bartsch)
- 2024-01-31 0cb86f3123 [BUGFIX] Change file extension separator in element browser string (thanks to Oliver Bartsch)
- 2024-01-31 22db97b11d [BUGFIX] Prevent memory leak when fetching a lot of database records (thanks to Sascha Nowak)
- 2024-01-31 6ea7205403 [DOCS] Remove index page from changelogs (thanks to Chris Müller)
- 2024-01-30 6dddf1a45e [BUGFIX] Prevent side effects in rst extension scanner tags check (thanks to Oliver Bartsch)
- 2024-01-30 0f7d58fa8f [BUGFIX] Prevent empty categories in NewContentElementWizard (thanks to Oliver Bartsch)
- 2024-01-29 c50449f299 [BUGFIX] Indexed Search: Pass
freeIndexUid
topageBrowsing
ViewHelper (thanks to Andreas Kienast) - 2024-01-28 9dcaf06463 [TASK] Improve type annotations for (Lazy)ObjectStorage (thanks to Oliver Klee)
- 2024-01-28 c5906d7b53 [DOCS] Add link to hooks on "Concepts > Frontend rendering" page (EXT:form) (thanks to Chris Müller)
- 2024-01-28 fd84049ba3 [BUGFIX] Add missing type in annotation for GU::implodeAttributes (thanks to Oliver Klee)
- 2024-01-26 d74fb73e3e [TASK] Improve Install Tool UX for first-time users (thanks to Mathias Bolt Lesniak)
- 2024-01-25 b305873ff2 [BUGFIX] Do not resolve resource paths in EXT:form (thanks to Peter Kraume)
- 2024-01-25 62563f5b3c [TASK] Update PHPStan and friends (thanks to Stefan Bürk)
- 2024-01-24 e0c694aa54 [BUGFIX] Add suggestion for EXT:lowlevel to EXT:form (thanks to Oliver Bartsch)
- 2024-01-24 59c8cd7104 [BUGFIX] Indexed Search: Only write internal log if
debugMode
is enabled (thanks to Andreas Kienast) - 2024-01-23 4cf89797a0 [DOCS] Improve output of *rootPaths examples (thanks to Simon Praetorius)
- 2024-01-23 63aa695585 [BUGFIX] Fix type annotations in extbase Annotation classes (thanks to Oliver Klee)
- 2024-01-23 1e340c04a1 [DOCS] Fix BeforeRequestTokenProcessedEvent code example (thanks to Torben Hansen)
- 2024-01-23 a8bde286ee [TASK] Update to CKEditor5 v41 (thanks to Benjamin Franzke)
- 2024-01-23 f0bcfbc703 [TASK] Add stored page id to LiveSearch search demand (thanks to Andreas Kienast)
- 2024-01-22 d356b2d309 [BUGFIX] Typoscript ">" operator removes too much (thanks to Christian Kuhn)
- 2024-01-22 70b7bc1982 [BUGFIX] Use matching site in extbase BE modules (thanks to Christian Kuhn)
- 2024-01-22 ad54ae83d0 [DOCS] Fixes PHP syntax in snippet (thanks to Julian Hofmann)
- 2024-01-22 b894818768 [TASK] Update container image versions (thanks to Stefan Bürk)
- 2024-01-21 e914e7fbe6 [DOCS] Added note to ext:felogin redirect modes (thanks to Torben Hansen)
- 2024-01-21 5ec4b642f5 [BUGFIX] Fix page input of recordlist pagination (thanks to Oliver Bartsch)
- 2024-01-20 0e0a9fac06 [TASK] Ensure unique values in filemounts permissions (thanks to Marcin Sągol)
- 2024-01-19 566c6d602d [TASK] Sort table and field list in DB Check module by labels (thanks to Marcin Sągol)
- 2024-01-18 7a9cfb2bb9 [BUGFIX] Restore
Controller
PHP attribute (thanks to Oliver Bartsch) - 2024-01-18 39cf571615 [BUGFIX] Ensure table wizard connected callback has access to textarea (thanks to Benjamin Franzke)
- 2024-01-18 5c296a4560 [BUGFIX] Prevent type error on static route (thanks to linawolf)
- 2024-01-16 9fcbdad4a2 [BUGFIX] Use correct check and fallback type for plugin itemGroups resolving (thanks to Oliver Bartsch)
- 2024-01-16 c73f57ae58 [TASK] Set TYPO3 version to 12.4.11-dev (thanks to Oliver Hader)