TYPO3 12.4.8

Release Notes

Version 12.4.8

Release Notes for TYPO3 CMS 12.4.8

This document contains information about TYPO3 CMS 12.4.8 which was released on 14.11.2023.

Get TYPO3 12.4.8 now

Checksums of TYPO3 12.4.8


8293b3441ec133fc8f9174fab5b88f450044ded0e188a0f12de37ad60a8bf8b3 typo3_src-12.4.8.tar.gz
f1bbc7460f751ee094af16e417731aeb295ed9e8b6669783b2175592c5892414 typo3_src-12.4.8.zip


bcb5d566904409f31922847a718c60e95c910365 typo3_src-12.4.8.tar.gz
980b276357b952acd88261ea3d9d79315caecc7b typo3_src-12.4.8.zip


6d095399e01f6c5667eb5678b6f8f194 typo3_src-12.4.8.tar.gz
4cb289ddfac49cd90a2a89048f95e8bc typo3_src-12.4.8.zip


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since 12.4.7:

  • 2023-11-14 639f2dbbaf [RELEASE] Release of TYPO3 12.4.8 (thanks to Oliver Hader)
  • 2023-11-14 56c77d7865 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.4 (thanks to Benjamin Franzke)
  • 2023-11-14 e9a0b4f28b [SECURITY] Limit user session to cookie domain (thanks to Benjamin Franzke)
  • 2023-11-14 24b5f8d471 [SECURITY] Do not display full path to ENABLE_INSTALL_TOOL file (thanks to Markus Klein)
  • 2023-11-13 3d982b3e05 [TASK] Stabilize ac tests again (thanks to Christian Kuhn)
  • 2023-11-13 4c88a34916 [TASK] Fix changelog for TCA slug generatorOptions (thanks to Sybille Peters)
  • 2023-11-13 7ee47a17f7 [BUGFIX] Verify Popover instances before usage (thanks to Christian Kuhn)
  • 2023-11-13 3e5ed0e4ba [BUGFIX] Make labels in workspace preview translatable (thanks to Patrick Schriner)
  • 2023-11-10 b1a7ff66b2 [BUGFIX] Properly escalate if a form HMAC fails to decode (thanks to Thomas Hohn)
  • 2023-11-09 1286800f0c [BUGFIX] Show correct icon for page types in UserInformationService (thanks to Achim Fritz)
  • 2023-11-09 66adf92446 [BUGFIX] Add missing file_rename labels to filelist (thanks to Patrick Schriner)
  • 2023-11-08 c78e80ad09 [TASK] Update cropperjs library to 1.6.1 (thanks to Andreas Kienast)
  • 2023-11-08 2ff00e55f6 [BUGFIX] Prevent possible PHP crash with empty systemLocale (thanks to Xavier Perseguers)
  • 2023-11-07 06e6c33f3a [BUGFIX] Fix possible regression in cObjGet() (thanks to Benjamin Franzke)
  • 2023-11-07 a4a05e9339 [TASK] Respect the AsCommand hidden constructor argument (thanks to Benjamin Franzke)
  • 2023-11-06 b5d4461a8c [BUGFIX] Fix special characters in scheduler labels (thanks to Imko Schumacher)
  • 2023-11-06 fb77b79e7a [DOCS] Add section about adding custom tables to create record reaction (thanks to Chris Müller)
  • 2023-11-06 3708def6b6 [TASK] Remove superfluous typecasts in Extbase AbstractValidator (thanks to Torben Hansen)
  • 2023-11-06 ba750f4a10 [DOCS] Use correct variable in code example in ext:dashboard (thanks to Fabio Norbutat)
  • 2023-11-06 e572ec6214 [DOCS] Use proper yaml quoting in MakeRefreshable.rst (thanks to Fabio Norbutat)
  • 2023-11-06 528132a4b9 [BUGFIX] Update phpstan/phpstan to 1.10.41 (thanks to Andreas Kienast)
  • 2023-11-06 0ab65a4b1d [BUGFIX] Concatenate inline JavaScript with line break (thanks to Jonas Eberle)
  • 2023-11-05 66a4214447 [BUGFIX] Allow to create folders with name "0" (thanks to Justus Moroni)
  • 2023-11-05 975d036aec [DOCS] Fix typos and code example in be module registration API (thanks to Josef Glatz)
  • 2023-11-04 e280ba99cf [BUGFIX] Respect record's overlay icon in workspace listing (thanks to Oliver Bartsch)
  • 2023-11-04 ef16a6a6e2 [TASK] Migrate icon-element to @lit/task (thanks to Benjamin Franzke)
  • 2023-11-04 3b4b875a0e [BUGFIX] Enable configuration passthrough for custom CKEditor5 plugins (thanks to Benjamin Franzke)
  • 2023-11-03 6cb90c639b [TASK] Update bootstrap to 5.3.2 (thanks to Andreas Kienast)
  • 2023-11-02 d9af934788 [BUGFIX] Prefix fields with table name in SuggestWizardDefaultReceiver (thanks to Achim Fritz)
  • 2023-11-02 54cbbd9f3c [TASK] Have an event to modify constants AST in FE (thanks to Julian Mair)
  • 2023-10-31 2f9415bb99 [BUGFIX] Allow custom AbortSignal to be passed to AjaxRequest methods (thanks to Benjamin Franzke)
  • 2023-10-31 f5f5275c6a [TASK] Upgrade to Lit v3 (thanks to Benjamin Franzke)
  • 2023-10-31 c21150b056 [BUGFIX] Update phpstan/phpstan to 1.10.40 (thanks to Andreas Kienast)
  • 2023-10-30 d194aa31d5 [TASK] Escape dynamic values in DOM selectors (thanks to Benjamin Franzke)
  • 2023-10-30 f14282903f [TASK] Bump friendsofphp/php-cs-fixer:^3.37.1 (thanks to Christian Kuhn)
  • 2023-10-27 a5909984ef [BUGFIX] Reset UriBuilder for links generated by PasswordRecoveryService (thanks to Garvin Hicking)
  • 2023-10-26 b53ee74872 [TASK] Introduce Symfony attribute based registration of CLI commands (thanks to Bastien Lutz)
  • 2023-10-26 5604ac95ef [BUGFIX] Add a few missing labels (thanks to Christian Kuhn)
  • 2023-10-26 b6cbf352d3 [BUGFIX] Simplify regex for form finisher FlexForm overrides (thanks to Nikita Hovratov)
  • 2023-10-26 17bec4434c [BUGFIX] Array access warning in DataHandler (thanks to Christian Kuhn)
  • 2023-10-26 d396dd6a65 [TASK] Use ConsumableNonce instead of blunt Nonce in CSP context (thanks to Oliver Hader)
  • 2023-10-26 f176c5ffb7 [TASK] Return __toString value from objects in DataMapper::getPlainValue (thanks to Soren Malling)
  • 2023-10-26 af090e6379 [TASK] Show Content Security Policy Mutations Configuration (thanks to Oliver Hader)
  • 2023-10-26 af9a058bdd [BUGFIX] Replace CSP mutation mode extend by inherit & append (thanks to Oliver Hader)
  • 2023-10-25 fe8d8e677b [BUGFIX] Mark erroneous fields within .formengine-field-item (thanks to Andreas Kienast)
  • 2023-10-25 09faf08d0d [BUGFIX] Handle null values in input transformation in AJAX requests (thanks to Andreas Kienast)
  • 2023-10-25 b77aee6fcb [BUGFIX] Ensure CKEditor5 removePlugins is always a list (thanks to Benjamin Franzke)
  • 2023-10-25 d1e2178eeb [BUGFIX] Handle missing t3ver_state value in workspace ElementEntityProcessor (thanks to Markus Klein)
  • 2023-10-25 a93c810ee6 [TASK] Fix php-cs-fixer config (thanks to Benjamin Franzke)
  • 2023-10-24 b818725f9e [TASK] Pin to PER Coding Style v1.0 (thanks to Benjamin Franzke)
  • 2023-10-24 fa34bf93e1 [BUGFIX] Show label in foreign record selector (thanks to Till Hörner)
  • 2023-10-24 af8a1cea43 [TASK] Bump friendsofphp/php-cs-fixer:^3.35.1 (thanks to Christian Kuhn)
  • 2023-10-23 ba81fc3a33 [BUGFIX] Correct link to limit shown entries in record history module (thanks to Jasmina Ließmann)
  • 2023-10-23 b6ed3f6ed8 [BUGFIX] Avoid PHP array access error in workspaces (thanks to Christian Kuhn)
  • 2023-10-23 d3d7160ca8 [BUGFIX] Display human-readable preview of FlexForm values (thanks to Uwe Trotzek)
  • 2023-10-23 0ce568c84e [BUGFIX] Do not flush rootline cache when be user visits the website (thanks to Christoph Lehmann)
  • 2023-10-23 5463a19dc6 [TASK] Show original user on new line in ElementHistoryController (thanks to Josef Glatz)
  • 2023-10-22 b497cc7013 [TASK] Remove dead catch in ImageViewHelper (thanks to Nikita Hovratov)
  • 2023-10-22 b88d8c9aae [TASK] Avoid misusing csv file of different test in ImageViewHelperTest (thanks to Nikita Hovratov)
  • 2023-10-22 d762c35ad9 [TASK] Improve invalidArguments tests for ImageViewHelper (thanks to Nikita Hovratov)
  • 2023-10-20 43da9cd7f5 [TASK] Replace tabs with spaces in xml files (thanks to Nikita Hovratov)
  • 2023-10-20 9649b35692 [DOCS] Fix grammatical errors (thanks to Simon Schaufelberger)
  • 2023-10-19 413b411637 [DOCS] Clarify usage of "value" with "property" in <f:form.*> ViewHelpers (thanks to Simon Praetorius)
  • 2023-10-19 6fce7e8b14 [TASK] Update terser to 5.22 (thanks to Andreas Kienast)
  • 2023-10-19 0ea99d7abb [TASK] npm: update vulnerable dev dependencies (thanks to Andreas Kienast)
  • 2023-10-19 9fd4a0eaa9 [TASK] Streamline providing CSP mutations (thanks to Oliver Hader)
  • 2023-10-19 dba6f482cf [TASK] Update ckeditor5 to v40 (thanks to Andreas Kienast)
  • 2023-10-18 426697355f [BUGFIX] Handle missing TCA|ctrl|title in recycler schedule task (thanks to Markus Klein)
  • 2023-10-18 1c4e80174d [BUGFIX] Adjust config file path in Install Tool password hint (thanks to Jan Greth)
  • 2023-10-18 3a62b4ff86 [BUGFIX] Prevent superfluous SELECT DATABASE() statements (thanks to Christoph Lehmann)
  • 2023-10-18 0335da4952 [BUGFIX] Allow more TCA types for reaction fields (thanks to Georg Ringer)
  • 2023-10-18 979a45715d [TASK] Add phpstan check for unneeded pseudo uncertain instanceof usage (thanks to Benjamin Franzke)
  • 2023-10-17 0443b41833 [BUGFIX] Workspaces: handle TCA without transOrigPointerField (thanks to Markus Klein)
  • 2023-10-16 1907d333d3 [BUGFIX] Provide CSP ReportRepository ONLY_FULL_GROUP_BY support (thanks to Oliver Hader)
  • 2023-10-15 87ab6195f2 [BUGFIX] Properly pass option untrusted to addQueryString (thanks to Patrick Schriner)
  • 2023-10-15 f61d4a826c [BUGFIX] Change to "move elements" when using cut in file list dot-menu (thanks to Kevin Appelt)
  • 2023-10-15 bd017e6709 [TASK] Migrate getAccessibleMockForAbstractClass for EXT:form controller (thanks to Oliver Klee)
  • 2023-10-15 07115aa582 [BUGFIX] Fix another PHP 8 warning in DataHandler (thanks to Philipp Kitzberger)
  • 2023-10-15 511a1a01ca [BUGFIX] Avoid GU::trimExplode('', null) in BU::getProcessedValue() (thanks to Christian Kuhn)
  • 2023-10-12 638ba52dc0 [TASK] Use descriptions over placeholders in sys_file_storage (thanks to Nikita Hovratov)
  • 2023-10-11 496b278e29 [DOCS] Correct wrong YAML configuration example in changelog (thanks to Mehdi Chaouch)
  • 2023-10-10 49fdcd664d [TASK] Set TYPO3 version to 12.4.8-dev (thanks to Oliver Hader)