TYPO3 4.4.1

Release Notes

Version 4.4.1

This version is not supported anymore.

The TYPO3 CMS community supported from 2010-06-22 until 2011-02-02. Please consider updating to a newer version.

Release Notes for TYPO3 4.4.1

This document contains information about TYPO3 version 4.4.1 which was released on July 28, 2010.

News

This release is a bugfix and security release.

Notes

Due to several security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.1.14, 4.2.13, 4.3.4 and 4.4.1.\ Find more details in the security bulletin: <https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/&gt;

Download

<https://typo3.org/download/&gt;

MD5 checksums

129fa64e8b0652a8f068ca05f0788228  dummy-4.4.1.tar.gz
1dc81b22a2e90d72aa04c1636ac77503  dummy-4.4.1.zip
814955d60dbf5a7c043f23a158aa43bd  typo3_src-4.4.1.tar.gz
2a4e2f4aa0c0ef72fb710cdc809516f7  typo3_src-4.4.1.zip
808adc79f7e5f0e0f3e8a4ddc1c73a54  typo3_src+dummy-4.4.1.zip
d6b700957a570806fb454eb4de9937a1  introductionpackage-4.4.1.zip

Upgrading

The usual upgrading procedure applies; no database updates are necessary.

Changelog

2010-07-28  Benjamin Mack  &lt;benni@typo3.org&gt;

    * Release of TYPO3 4.4.1

2010-07-28  Oliver Hader  &lt;oliver@typo3.org&gt;

    * Raised Extbase and Fluid from 1.2.0 to 1.2.1
    * Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)
    * Fixed bug #14978: XSS in file tree (thanks to Georg Ringer)
    * Fixed bug #13292: TYPO3 error message reveals path to web root (thanks to Xavier Perseguers)
    * Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
    * Fixed bug #14950: XSS in t3editor (thanks to Tobias Liebig)
    * Fixed bug #14850: Information disclosure in t3lib_htmlmail (thanks to Georg Ringer)
    * Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
    * Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
    * Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
    * Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
    * Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
    * Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
    * Fixed bug #13989: Mitigate PHP&#039;s RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
    * Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
    * Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
    * Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag is not set (thanks to Helmut Hummel)
    * Fixed bug #14389: phtml is also PHP extension and should be denied editing / uploading via fileadmin (thanks to Ernesto Baschny)
    * Follow-up to bug #14389: Added unit test
    * Fixed bug #1985: XSS vulnerability in wizard classes
    * Fixed bug #15223: Password request hash in felogin is created with not enough randomness (thanks to Helmut Hummel)
    * Fixed bug #14712: The GET/POST variable mimeType is used to create the http header content-type without verification (thanks to Rupert Germann)
    * Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_THE_FIELD_NAME### is not quoted (thanks to Helmut Hummel and Xavier Perseguers)
    * Fixed bug #14114: Core mailform is open to spam abuse (thanks to Lars Houmark)
    * Fixed bug #12294: Unchecked URL-Redirect parameter in Front-End logon (thanks to Steffen Kamper and Helmut Hummel)
    * Fixed bug #13137: redirect/returnUrl isn&#039;t validated in core (thanks to Georg Ringer and Marcus Krause)

2010-07-27  Steffen Kamper  &lt;steffen@typo3.org&gt;

    * Fixed bug #14920: Cache cannot be cleared in IE8
    * Fixed bug #15252: Bug: Backend shortcut cannot be set in IE8
    * Fixed bug #15228: Links in TS object browser tree forget the breakkpoint
    * Fixed bug #14946: Switching workplaces causes nesting of BE (Thanks to Stefan Galinski)
    * Fixed bug #13649: Deprecated function sql_regcase in cms/tslib/class.tslib_pagegen.php (Thanks to Martin M¸ller)

2010-07-27  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Fixed bug #15147: Inconsistent icon usage for Edit Page Properties (thanks to Georg Ringer)

2010-07-27  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #15244: htmlArea RTE: textearea Id may not be unique in FE
    * Fixed bug #15250: htmlArea RTE: FE additionalJS_post javascript may be displayed as HTML text
    * Fixed bug #15121: htmlArea RTE: Javascript Error in IE7 prevent Link dialogue from opening
    * Fixed bug #14859: htmlArea RTE won&#039;t load in backend extension

2010-07-27  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #15196: [caching framework] Speedup t3lib_cache_backend_DbBackend::has($entryIdentifier) (Thanks to Michael Knabe)
    * Fixed bug #13060: t3lib_htmlmail: Deprecated message with PHP 5.3 for sql_regcase (Thanks to Martin Müller)

2010-07-26  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #15243: htmlArea RTE: Extension stylesheets refer to incorrect selectors

2010-07-26  Dmitry Dulepov  &lt;dmitry@typo3.org&gt;

    * Reverted the fix for #15128 because further investigation is required

2010-07-25  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Fixed bug #14849: Sprites - user defined page types/modules are not respected anymore (thanks to Steffen Ritter)

2010-07-25  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Updated htmlArea RTE version to 2.0.3

2010-07-24  Steffen Kamper  &lt;steffen@typo3.org&gt;

    * Fixed bug #14794: Missing border-bottom for inactive tabs (Thanks to Steffen Gebert)
    * Fixed bug #15188: Remove default greyed out effect for CEs (Thanks to Steffen Gebert)
    * Fixed bug #14969: Colors for highlighting the tree and a versioned page can&#039;t be distinguished (Thanks to Steffen Gebert)

2010-07-23  Steffen Kamper  &lt;steffen@typo3.org&gt;

    * Fixed bug #15195: TSanalyzer: Add link to breakpoints also in syntaxhighlight mode

2010-07-23  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #15203: htmlArea RTE: Modify link option missing in context menu
    * Fixed bug #15050: htmlArea RTE: .htmlarea .statusBar relative path incorrect (Thanks to Felix Kopp)

2010-07-21  Ingo Renner  &lt;ingo@typo3.org&gt;

    * Fixed bug #15179: Tree depth retrieval inconsistently limited to 20 levels int3lib_pageSelect

2010-07-21  Steffen Kamper  &lt;steffen@typo3.org&gt;

    * Fixed bug #15067: Background Image in Element Browser is repeated, but should not be! (Thanks to Steffen Gebert)
    * Fixed bug #15156: Text in template analyzer is &quot;white on white&quot; if syntax highlighting is disabled (Thanks to Steffen Gebert)

2010-07-19  Dmitry Dulepov  &lt;dmitry@typo3.org&gt;

    * Fixed bug #15130: Backend search does not find non-latin1 characters
    * Fixed bug #15128: RTE creates &lt;link&gt; tag incorrectly if there is a non-empty title

2010-07-18  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #15169: Superfluous comma in CSS

2010-07-18  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Fixed bug #15000: remove IM 4.2.9 recommendation in install tool (Thanks to Steffen Gebert)
    * Fixed bug #14998: Upgrade Wizards: Headlines have too much space below (Thanks to Steffen Gebert)

2010-07-16  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #14982: Make alt_doc.php unit testable (Thanks to Ingo Schmitt)
    * Fixed bug #15142: [Unit tests] Remove unnecessary require_once() calls

2010-07-14  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #14911: Validation errors in list view (Thanks to Georg Ringer)

2010-07-14  Dmitry Dulepov  &lt;dmitry@typo3.org&gt;

    * Fixed bug #6208: zlib must be compiled in to make an extension lookup
    * Fixed bug #12322: cHash is generated when no parameters are given

2010-07-13  Francois Suter  &lt;francois@typo3.org&gt;

    * Fixed bug: #15054: Scheduler: BE module does not use new skin properly

2010-07-13  Jeff Segars  &lt;jeff@webempoweredchurch.org&gt;

    * Fixed bug #14775: Old table header styling in Extension Manager (Thanks to Ralf Büchner)
    * Fixed bug #15088: Using sprites breaks setting links to content elements (Thanks to Georg Ringer)

2010-07-13  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #15097: Intro looks weird with module and no submodules (Thanks to Georg Ringer)
    * Fixed bug #15073: inlineJS creates superfluous markup (Thanks to Georg Ringer)
    * Fixed bug #15103: TS Errors are hardly readable (white on yellow) (Thanks to Georg Ringer)
    * Fixed bug #15098: TS Errors should be shown with flash messages (Thanks to Georg Ringer)
    * Fixed bug #14855: Big Buttons in Page Module miss padding (Thanks to Georg Ringer)

2010-07-13  Xavier Perseguers  &lt;typo3@perseguers.ch&gt;

    * Fixed bug #15096: Missing icon for _recycler_ folders

2010-07-12  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #15082: [openDocs] Exception is thrown if a record isn&#039;t found

2010-07-12  Dmitry Dulepov  &lt;dmitry@typo3.org&gt;

    * Fixed bug #1235: indexed search: garbage instead of cHash in the &quot;path&quot; link (thanks to Nikolas Hagelstein)

2010-07-11  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #14970: ts browser condition results in error if browser is unknown (Thanks to Caspar Stuebs)

2010-07-11  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Fixed bug #14923: CleanUp: getIconImage is not replaced in Core (thanks to Steffen Ritter)
    * Follow-up to #15045: Trailing newlines after php closing tag. (Thanks to Nikolas Hagelstein)

2010-07-10  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #14896: ExtJS is not included when RTE is invoked by USER_INT frontend script

2010-07-09  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #15061: Remove XCLASS from t3lib_utility_Http (Thanks to Georg Ringer)
    * Fixed bug #15055: Scheduler: Date picker is broken in add/edit form
    * Fixed bug #14988: TYPO3.Backend is assigned twice by ExtDirect and the viewport (Thanks to Stefan Galinski)
    * Fixed bug #15045: Trailing newlines after php closing tag. (Thanks to Nikolas Hagelstein)

2010-07-08  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Follow-up to #14719: Wrong code comment (QUICKSTART/FIRST_INSTALL) (thanks to Steffen Gebert)
    * Fixed bug #14813: Install Tool uses deprecated function t3lib_stdGraphic-&gt;imagecreate() (thanks to Stefan Galinski)

2010-07-08  Dmitry Dulepov  &lt;dmitry@typo3.org&gt;

    * Fixed bug #15049: &quot;Fileextension&quot; is not an English word

2010-07-07  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #14968: Add unit tests for t3lib_div::validIP (Thanks to Nikolas Hagelstein and Felix Kopp)

2010-07-07  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Follow-up to #14845: No preview images with referenced files anymore (thanks to Stefan Galinski)

2010-07-06  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Fixed bug #14845: Bug: Filelist module reports &quot;type&quot; of files also for directories  (thanks to Caspar Stuebs and Andy Grunwald)

2010-07-06  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #14984: Add example unit tests from T3DD10 unit testing workshop (Thanks to Oliver Klee)
    * Fixed bug #14885: No access to taskcenter (tasks) for non-admins (Thanks to Jigal van Hemert)
    * Fixed bug #14991: Missing fields in &quot;showRecordFieldList&quot; at the TCA for fe_users (Thanks to Frank Nägler)
    * Fixed bug #14972: Add unit tests for t3lib_div::removeArrayEntryByValue (Thanks to Thorben Kapp)
    * Fixed bug #14967: [Caching framework] fileBackend testcase removes files in /sbin
    * Fixed bug #14977: Add php cache frontend to t3lib/config_default.php (Thanks to Felix Oertel)

2010-07-06  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #14960: [t3skin] apps-pagetree.css is redundant (Thanks to Felix Kopp)
    * Follow-up to #13379: Sprite Icon API (Thanks to Steffen Ritter)
    * Fixed bug #14980: Install tool causes PHP warnings if typo3conf/ is not writeable

2010-07-05  Susanne Moog  &lt;typo3@susanne-moog.de&gt;

    * Follow-up to #14705: In BE login form labels: position of caps lock warning  (thanks to Steffen Gebert)
    * Fixed bug #14880: introduced type hinting in t3lib_iconWorks (thanks to Jigal van Hemert)
    * Fixed bug #14824: wrong icon in template analyzer (thanks to Georg Ringer)

2010-07-05  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * #12514: Installtool duplicates values of fields with defaultTypoScript_constants
    * Fixed bug #10958: Broken i18n_parent relation upon localizing records in workspace (Thanks to Tolleiv Nietsch)
    * Fixed bug #14907: Help Modules can not be disabled on a per user basis (Thanks to Georg Ringer)
    * Fixed bug #14957: Styling of record history (Thanks to Georg Ringer)

2010-07-04  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #14929: htmlArea RTE: Font Family and Font Size Dropdown boxes don&#039;t open
    * Fixed bug #14996: htmlArea RTE: Clicking in drop down boxes should mark text

2010-07-02  Christian Kuhn  &lt;lolli@schwarzbu.ch&gt;

    * Fixed bug #14947: Missing closing div in db_new_content_el.php (Thanks to Georg Ringer)

2010-06-29  Ernesto Baschny  &lt;ernst@cron-it.de&gt;

    * Fixed bug #14810: Follow-up to bug #13670: Export module does not keep pagetree configuration (exports only the page tree) (Thanks to Thomas Juhnke)

2010-06-29  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #14905: htmlArea RTE: Image dialogue shows tab &quot;Current picture&quot; when there is no current image

2010-06-29  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Follow-up to #14553: topFrameH configuration option doesn&#039;t work anymore

2010-06-28  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #14830: htmlArea RTE: Entering line breaks with Safari not possible

2010-06-27  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #14886: htmlArea RTE: Incorrect function scope when error is raised
    * Fixed bug #14887: htmlArea RTE: RTE may be started before style sheets are loaded

2010-06-26  Stanislas Rolland  &lt;typo3@sjbr.ca&gt;

    * Fixed bug #14876: htmlArea RTE: SelectFont plugin may cause js error
    * Follow-up to bug #14793: htmlArea RTE: Problematic icons in IE6

2010-06-25  Steffen Kamper  &lt;info@sk-typo3.de&gt;

    * Fixed bug #14870: typo in parameter type causes php error (Thanks to Jigal van Hemert)
    * Fixed bug #14866: Quicktime audio format m4a isn&#039;t supported
    * Fixed bug #14847: Bug: Template Analyzer: Line numbers barely readable (Thanks to Andy Grunwald)
    * Fixed bug #14857: Reports Module: Wrong icon and a styling problem (Thanks to Georg Ringer)
    * Fixed bug #14834: About module need padding
    * Fixed bug #14844: Milliseconds on logout (Thanks to Georg Ringer)