TYPO3 6.0.12

Release Notes

Version 6.0.12

This version is not supported anymore.

The TYPO3 CMS community supported from 2012-11-27 until 2013-04-30. Please consider updating to a newer version.

Release Notes for TYPO3 CMS 6.0.12

This document contains information about TYPO3 CMS 6.0.12 which was released on December 10th, 2013.


This release is a security release.


Due to security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.5.32, 4.7.17, 6.0.12 and 6.1.7.\ Find more details in the security bulletin: <https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/&gt;



MD5 checksums

07c789c3986778fc5a6d10d71c2ee093  blankpackage-6.0.12.tar.gz
9f581f1531fbd53c2ff5ac01af607f92  blankpackage-6.0.12.zip
da0b1a03940f0f968cab4d63a0cdfae6  dummy-6.0.12.tar.gz
aea7b13c14b0a172b8fc699748f5d8e4  dummy-6.0.12.zip
19d97301de624a5996eae506aeb995d8  typo3_src+dummy-6.0.12.zip
8238e4af63bfbca34d43193065604d34  typo3_src-6.0.12.tar.gz
25ba5afe61b5d426a1895fb298536b7a  typo3_src-6.0.12.zip


The usual upgrading procedure applies. No database updates are necessary.


Here is a list of what was fixed since [6.0.11](TYPO3_6.0.11 "wikilink"):

  • [RELEASE] Release of TYPO3 6.0.12
  • [SECURITY] XSS in header link of all content elements (#31206)
  • [SECURITY] XSS in colorpicker wizard (#42772)
  • [SECURITY] Prevent editor controlled hmac content (#45043)
  • [SECURITY] XSS in backend user adminstration (#48691)
  • [SECURITY] Information Disclosure in Wizards (#41714)
  • [SECURITY] Fix open redirection in openid extension (#54099)
  • [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (#48187)
  • [SECURITY] XSS in be_layout wizard (#36768)
  • [SECURITY] XSS in beuser VH (#47086)
  • [SECURITY] Remove possible XSS from ActionController Error output (#54074)
  • [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (#54073)
  • [BUGFIX] ClientUtility does not detect Internet Explorer 11 (#54124)
  • [BUGFIX] Add missing namespacing for calling GeneralUtility (#54117)
  • [BUGFIX] ext:adodb Restrict connection wizard to admins (#42651)
  • [TASK] Set TYPO3 version to 6.0.12-dev