TYPO3 4.7.4

Release Notes

Version 4.7.4

This version is not supported anymore.

The TYPO3 CMS community supported from 2012-04-23 until 2012-11-27. Extended security & compatibility support (ELTS) expired on 2015-11-27.

Please consider updating to a newer version.

Release Notes for TYPO3 4.7.4

This document contains information about TYPO3 version 4.7.4 which was released on August 15th 2012.

News

This release is a combined bug fix and security release.

Notes

Due to security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.5.19, 4.6.12 and 4.7.4.\ Find more details in the security bulletin: <https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/&gt;

Download

<https://typo3.org/download/&gt;

MD5 checksums

a6b868a6c56e5583900595f59cbb3f75  blankpackage-4.7.4.tar.gz
642cc68efe9d82fd8339b9e25cc6e63b  blankpackage-4.7.4.zip
f4b2107e3542ef27ccdedd176449d699  dummy-4.7.4.tar.gz
d28ea48d9997fd22164e55436221f2e4  dummy-4.7.4.zip
a8a11cb7c6f08635c3dbd26e9763e2ee  governmentpackage-4.7.4.tar.gz
3f52f9ce106c0571f0f4d2cbf334b263  governmentpackage-4.7.4.zip
f0fd18dcbeebb09d1a8c24821171c34c  introductionpackage-4.7.4.tar.gz
ef7dec6a6de68fa1445e0acf5621d359  introductionpackage-4.7.4.zip
bd05d7f1fe8fdc536862f5f1b3bab455  typo3_src+dummy-4.7.4.zip
809d837eedf2594c52a27e85d93cc9ae  typo3_src-4.7.4.tar.gz
bda2792a2d9a220c81e1d20205c0c525  typo3_src-4.7.4.zip

Upgrading

The usual upgrading procedure applies. No database updates are necessary.

Changes

Here is a list of what was fixed since [4.7.3](TYPO3_4.7.3 "wikilink"):

2012-08-15  ccf6b0a                  [RELEASE] Release of TYPO3 4.7.4 (TYPO3 Release Team)
2012-08-15  14d5d72  #21634          [SECURITY] XSS in install tool (Mario Rimann)
2012-08-15  a1c3165  #32653          [SECURITY] Page Link Target vulnerable to XSS (Markus Bucher)
2012-08-15  8cf7db7  #25052          [SECURITY] XSS in validateForm (Markus Bucher)
2012-08-15  59e028a  #25356          [SECURITY] XSS in TCE forms (Christian Kuhn)
2012-08-15  758c217  #30967          [SECURITY] XSS in Scheduler Example Task (Mario Rimann)
2012-08-15  44e8ae6  #37127          [SECURITY] HTML5 support in RemoveXSS (Franz G. Jahn)
2012-08-15  7c778d3  #39345          [SECURITY] Information Disclosure in the Configuration Module (Mario Rimann)
2012-08-15  044ae9a  #33520          [SECURITY] Untrusted GP data is unserialized in old CSH handling (Marcus Krause)
2012-08-15  0bcecd8  #31927          [SECURITY] XSS in Indexed Search statistics (Steffen Gebert)
2012-08-15  774537c  #23226Security  [SECURITY] t3lib_div::quoteJSvalue allows XSS (Helmut Hummel)
2012-08-15  a9383b1                  [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-08-15  7edbd63                  [TASK] Update version numbers to 4.7.4 (Steffen Ritter)
2012-08-08  c5e24ad                  [TASK] Set TYPO3 version to 4.7.4-dev (TYPO3 Release Team)
2012-08-08  136f73b                  [RELEASE] Release of TYPO3 4.7.3 (TYPO3 Release Team)