TYPO3 12.4.8
Release Notes
Release Notes for TYPO3 CMS 12.4.8
This document contains information about TYPO3 CMS 12.4.8 which was released on 14.11.2023.
Get TYPO3 12.4.8 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2023-005
- https://typo3.org/security/advisory/typo3-core-sa-2023-006
- https://typo3.org/security/advisory/typo3-core-sa-2023-007
Checksums of TYPO3 12.4.8
SHA256
8293b3441ec133fc8f9174fab5b88f450044ded0e188a0f12de37ad60a8bf8b3 typo3_src-12.4.8.tar.gz f1bbc7460f751ee094af16e417731aeb295ed9e8b6669783b2175592c5892414 typo3_src-12.4.8.zip
SHA1
bcb5d566904409f31922847a718c60e95c910365 typo3_src-12.4.8.tar.gz 980b276357b952acd88261ea3d9d79315caecc7b typo3_src-12.4.8.zip
MD5
6d095399e01f6c5667eb5678b6f8f194 typo3_src-12.4.8.tar.gz 4cb289ddfac49cd90a2a89048f95e8bc typo3_src-12.4.8.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 12.4.7:
- 2023-11-14 639f2dbbaf [RELEASE] Release of TYPO3 12.4.8 (thanks to Oliver Hader)
- 2023-11-14 56c77d7865 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.4 (thanks to Benjamin Franzke)
- 2023-11-14 e9a0b4f28b [SECURITY] Limit user session to cookie domain (thanks to Benjamin Franzke)
- 2023-11-14 24b5f8d471 [SECURITY] Do not display full path to ENABLE_INSTALL_TOOL file (thanks to Markus Klein)
- 2023-11-13 3d982b3e05 [TASK] Stabilize ac tests again (thanks to Christian Kuhn)
- 2023-11-13 4c88a34916 [TASK] Fix changelog for TCA slug generatorOptions (thanks to Sybille Peters)
- 2023-11-13 7ee47a17f7 [BUGFIX] Verify Popover instances before usage (thanks to Christian Kuhn)
- 2023-11-13 3e5ed0e4ba [BUGFIX] Make labels in workspace preview translatable (thanks to Patrick Schriner)
- 2023-11-10 b1a7ff66b2 [BUGFIX] Properly escalate if a form HMAC fails to decode (thanks to Thomas Hohn)
- 2023-11-09 1286800f0c [BUGFIX] Show correct icon for page types in UserInformationService (thanks to Achim Fritz)
- 2023-11-09 66adf92446 [BUGFIX] Add missing file_rename labels to filelist (thanks to Patrick Schriner)
- 2023-11-08 c78e80ad09 [TASK] Update
cropperjs
library to 1.6.1 (thanks to Andreas Kienast) - 2023-11-08 2ff00e55f6 [BUGFIX] Prevent possible PHP crash with empty systemLocale (thanks to Xavier Perseguers)
- 2023-11-07 06e6c33f3a [BUGFIX] Fix possible regression in cObjGet() (thanks to Benjamin Franzke)
- 2023-11-07 a4a05e9339 [TASK] Respect the AsCommand
hidden
constructor argument (thanks to Benjamin Franzke) - 2023-11-06 b5d4461a8c [BUGFIX] Fix special characters in scheduler labels (thanks to Imko Schumacher)
- 2023-11-06 fb77b79e7a [DOCS] Add section about adding custom tables to create record reaction (thanks to Chris Müller)
- 2023-11-06 3708def6b6 [TASK] Remove superfluous typecasts in Extbase AbstractValidator (thanks to Torben Hansen)
- 2023-11-06 ba750f4a10 [DOCS] Use correct variable in code example in
ext:dashboard
(thanks to Fabio Norbutat) - 2023-11-06 e572ec6214 [DOCS] Use proper yaml quoting in MakeRefreshable.rst (thanks to Fabio Norbutat)
- 2023-11-06 528132a4b9 [BUGFIX] Update
phpstan/phpstan
to 1.10.41 (thanks to Andreas Kienast) - 2023-11-06 0ab65a4b1d [BUGFIX] Concatenate inline JavaScript with line break (thanks to Jonas Eberle)
- 2023-11-05 66a4214447 [BUGFIX] Allow to create folders with name "0" (thanks to Justus Moroni)
- 2023-11-05 975d036aec [DOCS] Fix typos and code example in be module registration API (thanks to Josef Glatz)
- 2023-11-04 e280ba99cf [BUGFIX] Respect record's overlay icon in workspace listing (thanks to Oliver Bartsch)
- 2023-11-04 ef16a6a6e2 [TASK] Migrate icon-element to @lit/task (thanks to Benjamin Franzke)
- 2023-11-04 3b4b875a0e [BUGFIX] Enable configuration passthrough for custom CKEditor5 plugins (thanks to Benjamin Franzke)
- 2023-11-03 6cb90c639b [TASK] Update bootstrap to 5.3.2 (thanks to Andreas Kienast)
- 2023-11-02 d9af934788 [BUGFIX] Prefix fields with table name in SuggestWizardDefaultReceiver (thanks to Achim Fritz)
- 2023-11-02 54cbbd9f3c [TASK] Have an event to modify constants AST in FE (thanks to Julian Mair)
- 2023-10-31 2f9415bb99 [BUGFIX] Allow custom AbortSignal to be passed to AjaxRequest methods (thanks to Benjamin Franzke)
- 2023-10-31 f5f5275c6a [TASK] Upgrade to Lit v3 (thanks to Benjamin Franzke)
- 2023-10-31 c21150b056 [BUGFIX] Update
phpstan/phpstan
to 1.10.40 (thanks to Andreas Kienast) - 2023-10-30 d194aa31d5 [TASK] Escape dynamic values in DOM selectors (thanks to Benjamin Franzke)
- 2023-10-30 f14282903f [TASK] Bump friendsofphp/php-cs-fixer:^3.37.1 (thanks to Christian Kuhn)
- 2023-10-27 a5909984ef [BUGFIX] Reset UriBuilder for links generated by PasswordRecoveryService (thanks to Garvin Hicking)
- 2023-10-26 b53ee74872 [TASK] Introduce Symfony attribute based registration of CLI commands (thanks to Bastien Lutz)
- 2023-10-26 5604ac95ef [BUGFIX] Add a few missing labels (thanks to Christian Kuhn)
- 2023-10-26 b6cbf352d3 [BUGFIX] Simplify regex for form finisher FlexForm overrides (thanks to Nikita Hovratov)
- 2023-10-26 17bec4434c [BUGFIX] Array access warning in DataHandler (thanks to Christian Kuhn)
- 2023-10-26 d396dd6a65 [TASK] Use ConsumableNonce instead of blunt Nonce in CSP context (thanks to Oliver Hader)
- 2023-10-26 f176c5ffb7 [TASK] Return __toString value from objects in DataMapper::getPlainValue (thanks to Soren Malling)
- 2023-10-26 af090e6379 [TASK] Show Content Security Policy Mutations Configuration (thanks to Oliver Hader)
- 2023-10-26 af9a058bdd [BUGFIX] Replace CSP mutation mode extend by inherit & append (thanks to Oliver Hader)
- 2023-10-25 fe8d8e677b [BUGFIX] Mark erroneous fields within
.formengine-field-item
(thanks to Andreas Kienast) - 2023-10-25 09faf08d0d [BUGFIX] Handle
null
values in input transformation in AJAX requests (thanks to Andreas Kienast) - 2023-10-25 b77aee6fcb [BUGFIX] Ensure CKEditor5 removePlugins is always a list (thanks to Benjamin Franzke)
- 2023-10-25 d1e2178eeb [BUGFIX] Handle missing t3ver_state value in workspace ElementEntityProcessor (thanks to Markus Klein)
- 2023-10-25 a93c810ee6 [TASK] Fix php-cs-fixer config (thanks to Benjamin Franzke)
- 2023-10-24 b818725f9e [TASK] Pin to PER Coding Style v1.0 (thanks to Benjamin Franzke)
- 2023-10-24 fa34bf93e1 [BUGFIX] Show label in foreign record selector (thanks to Till Hörner)
- 2023-10-24 af8a1cea43 [TASK] Bump friendsofphp/php-cs-fixer:^3.35.1 (thanks to Christian Kuhn)
- 2023-10-23 ba81fc3a33 [BUGFIX] Correct link to limit shown entries in record history module (thanks to Jasmina Ließmann)
- 2023-10-23 b6ed3f6ed8 [BUGFIX] Avoid PHP array access error in workspaces (thanks to Christian Kuhn)
- 2023-10-23 d3d7160ca8 [BUGFIX] Display human-readable preview of FlexForm values (thanks to Uwe Trotzek)
- 2023-10-23 0ce568c84e [BUGFIX] Do not flush rootline cache when be user visits the website (thanks to Christoph Lehmann)
- 2023-10-23 5463a19dc6 [TASK] Show original user on new line in ElementHistoryController (thanks to Josef Glatz)
- 2023-10-22 b497cc7013 [TASK] Remove dead catch in ImageViewHelper (thanks to Nikita Hovratov)
- 2023-10-22 b88d8c9aae [TASK] Avoid misusing csv file of different test in ImageViewHelperTest (thanks to Nikita Hovratov)
- 2023-10-22 d762c35ad9 [TASK] Improve invalidArguments tests for ImageViewHelper (thanks to Nikita Hovratov)
- 2023-10-20 43da9cd7f5 [TASK] Replace tabs with spaces in xml files (thanks to Nikita Hovratov)
- 2023-10-20 9649b35692 [DOCS] Fix grammatical errors (thanks to Simon Schaufelberger)
- 2023-10-19 413b411637 [DOCS] Clarify usage of "value" with "property" in <f:form.*> ViewHelpers (thanks to Simon Praetorius)
- 2023-10-19 6fce7e8b14 [TASK] Update
terser
to 5.22 (thanks to Andreas Kienast) - 2023-10-19 0ea99d7abb [TASK] npm: update vulnerable dev dependencies (thanks to Andreas Kienast)
- 2023-10-19 9fd4a0eaa9 [TASK] Streamline providing CSP mutations (thanks to Oliver Hader)
- 2023-10-19 dba6f482cf [TASK] Update ckeditor5 to v40 (thanks to Andreas Kienast)
- 2023-10-18 426697355f [BUGFIX] Handle missing TCA|ctrl|title in recycler schedule task (thanks to Markus Klein)
- 2023-10-18 1c4e80174d [BUGFIX] Adjust config file path in Install Tool password hint (thanks to Jan Greth)
- 2023-10-18 3a62b4ff86 [BUGFIX] Prevent superfluous SELECT DATABASE() statements (thanks to Christoph Lehmann)
- 2023-10-18 0335da4952 [BUGFIX] Allow more TCA types for reaction fields (thanks to Georg Ringer)
- 2023-10-18 979a45715d [TASK] Add phpstan check for unneeded pseudo uncertain instanceof usage (thanks to Benjamin Franzke)
- 2023-10-17 0443b41833 [BUGFIX] Workspaces: handle TCA without transOrigPointerField (thanks to Markus Klein)
- 2023-10-16 1907d333d3 [BUGFIX] Provide CSP ReportRepository ONLY_FULL_GROUP_BY support (thanks to Oliver Hader)
- 2023-10-15 87ab6195f2 [BUGFIX] Properly pass option untrusted to addQueryString (thanks to Patrick Schriner)
- 2023-10-15 f61d4a826c [BUGFIX] Change to "move elements" when using cut in file list dot-menu (thanks to Kevin Appelt)
- 2023-10-15 bd017e6709 [TASK] Migrate getAccessibleMockForAbstractClass for EXT:form controller (thanks to Oliver Klee)
- 2023-10-15 07115aa582 [BUGFIX] Fix another PHP 8 warning in DataHandler (thanks to Philipp Kitzberger)
- 2023-10-15 511a1a01ca [BUGFIX] Avoid GU::trimExplode('', null) in BU::getProcessedValue() (thanks to Christian Kuhn)
- 2023-10-12 638ba52dc0 [TASK] Use descriptions over placeholders in sys_file_storage (thanks to Nikita Hovratov)
- 2023-10-11 496b278e29 [DOCS] Correct wrong YAML configuration example in changelog (thanks to Mehdi Chaouch)
- 2023-10-10 49fdcd664d [TASK] Set TYPO3 version to 12.4.8-dev (thanks to Oliver Hader)