TYPO3 6.2.16

Release Notes

Version 6.2.16

This version is not supported anymore.

The TYPO3 CMS community supported from 2014-03-25 until 2017-04-04. Extended security & compatibility support (ELTS) expired on 2021-03-31.

Please consider updating to a newer version.

Release Notes for TYPO3 CMS 6.2.16

This document contains information about TYPO3 CMS 6.2.16 which was released on December 15th, 2015.


This release is a combined bug fix and security release.


Find more details in the security bulletins:



MD5 checksums

fb16572c728e6d2ef73d3d408c80f733  typo3_src-6.2.16.tar.gz
72ebbe5e6a68ee58ebcd23c4e8f45dd8  typo3_src-6.2.16.zip


The usual upgrading procedure applies. No database updates are necessary.\ It might be required to clear all caches; the “important actions” section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since [6.2.15](TYPO3_CMS_6.2.15 "wikilink"):

2015-12-15  a919684                  [RELEASE] Release of TYPO3 6.2.16 (TYPO3 Release Team)
2015-12-15  29ae05c  #59417          [SECURITY] Open shockwave inclusion in flvplayer.swf (Oliver Hader)
2015-12-15  420f5ed  #41690          [SECURITY] Escape caption of media using css_styled_content (Georg Ringer)
2015-12-15  7e4bdf4  #23155          [SECURITY] XSS in search results (Wouter Wolters)
2015-12-15  b341d84  #37399          [SECURITY] Fix XSS in rtehtmlarea (Georg Ringer)
2015-12-15  5c5babc  #71683          [SECURITY] Fix XSS in bullet list element (Georg Ringer)
2015-12-15  e737a34  #25245          [SECURITY] Replace parseFunc with htmlspecialchars in element &quot;table&quot; (Georg Ringer)
2015-12-15  2dbcfaa  #68735          [SECURITY] XSS in Link Validator (Georg Ringer)
2015-12-15  419e986  #25243          [SECURITY] Possible XSS in felogin messages (Georg Ringer)
2015-12-15  c440874  #25227          [SECURITY] XSS through WS comments (Wouter Wolters)
2015-12-15  25a1473  #71698          [SECURITY] Link fields accept inline javascript code (Oliver Hader)
2015-12-15  df2d3d7  #59150          [SECURITY] Fix several XSS issues (Nicole Cordes)
2015-12-15  1205071  #71524          [SECURITY] Prevent XSS in TER download dialog (Nicole Cordes)
2015-12-15  0d11eaf  #72224          [BUGFIX] Handle content with no markers in substituteMarkerArrayCached (Markus Klein)
2015-12-15  7cc6b2d  #64552          [BUGFIX] Make openid usable on IE 11 (Markus Klein)
2015-12-15  36de9bf  #61017          [BUGFIX] Track pids of deleted/moved records to clear cache (Jan Helke)
2015-12-12  41bc634  #69317          [BUGFIX] Indexed Search: Fix warning for empty search word (Tymoteusz Motylewski)
2015-12-08  f107bcd  #72112          [TASK] travis-ci: PHP 5.6 not allowed_failure anymore (Christian Kuhn)
2015-12-08  519a461  #71686          [FOLLOWUP][BUGFIX] ImageViewHelper should catch exceptions (Andreas Allacher)
2015-12-07  83e0ef9  #32209          [BUGFIX] Use strict authMode access check for list_type (Frank Nägler)
2015-12-06  5455778  #37896          [BUGFIX] Live search shows move placeholders in draft workspace (Alexander Opitz)
2015-12-05  62a406e  #44270          [BUGFIX] Avoid overly large regex in substituteMarkerArrayCached (Benni Mack)
2015-12-04  72ebfbf  #64966          [BUGFIX] Avoid wrong SQL query in fe_login user group redirect (Frederic Gaus)
2015-12-04  202debf  #36946,#42075   [BUGFIX] Ignore placeholders when copying records (Oliver Hader)
2015-12-04  8f09bda  #67757          [BUGFIX] Sanity check is missing within MediaContentObject (Thilo Schumann)
2015-12-04  a66dd2f  #71686          [BUGFIX] ImageViewHelper should catch exceptions (Benni Mack)
2015-12-02  4491c32  #71951          [BUGFIX] DebuggerUtility: Treat null results of lazy objects correctly (Morton Jonuschat)
2015-12-01  5046f6e  #66341          [BUGFIX] Create FAL processing folders on upgrade (Daniel Neugebauer)
2015-12-01  9faa965  #66473,#66885   [BUGFIX] Fix serializable object creation with PHP 5.6 (Helmut Hummel)
2015-12-01  71b64be  #69665          [BUGFIX] Add favicon without scheme (Morton Jonuschat)
2015-11-30  e2713a5  #66169          [BUGFIX] Empty grid list in frontend workspace preview (Oliver Hader)
2015-11-30  e061c13  #71990          [TASK] Add possibility to purge workspaces move placeholder (Oliver Hader)
2015-11-30  59f414d  #71988          [TASK] Extend regular workspaces DataHandler functional tests (Oliver Hader)
2015-11-30  ba9b137  #71986          [TASK] Extend workspaces DataHandler functional tests (Oliver Hader)
2015-11-29  5f12cb4  #71947          [TASK] Travis: Disable Xdebug (Nicole Cordes)
2015-11-27  be570a5  #69376          [BUGFIX] EXT:form - OPTGROUP cannot be a child element of SELECT (Ralf Zimmermann)
2015-11-27  02e124b  #62713          [BUGFIX] EXT:form - accept-charset in form not working (Ralf Zimmermann)
2015-11-27  49ec453  #69395          [BUGFIX] Allow reply-to mail header in EXT:form (Ralf Zimmermann)
2015-11-27  f6b770a  #71197          [BUGFIX] Assure correct INCLUDE_TYPOSCRIPT with relative paths on subpages (Daniel Goerz)
2015-11-26  1601262  #58816          [TASK] Disallow multi-line HTTP headers (Helmut Hummel)
2015-11-24  8b37e9e  #69630          [BUGFIX] Save parents localized uid as child reference (Nicole Cordes)
2015-11-24  61721a7  #52261          [BUGFIX] Position NULL-Checkbox left of TCA input (Stephan Großberndt)
2015-11-22  d050733  #71734          [BUGFIX] Check webmounts for backend user in workspace preview (Nicole Cordes)
2015-11-21  2600181  #62280          [BUGFIX] Prevent deletion of closing bracket via INCLUDE_TYPOSCRIPT (Andreas Allacher)
2015-11-20  1d6148a  #71669          [TASK] Remove Ter.json template in extension manager (Nicole Cordes)
2015-11-20  5535024  #71730          [BUGFIX] Remove double encoding of fieldset in extension &quot;felogin&quot; (Martin Kutschker)
2015-11-20  1053983  #71716          [TASK] Add unit tests for spamProtectEmailAddresses (Oliver Hader)
2015-11-20  cdabe70  #71706,#68905   [SECURITY][TASK] Blind more options in the configuration module (Georg Ringer)
2015-11-17  3d5f9cf  #71620          [BUGFIX] Fix f:cObject documentation example (Josef Glatz)
2015-11-15  746c162  #71394          [BUGFIX] Empty array not encoded as empty XML tag (Andreas Wolf)
2015-11-14  dbeaf26  #68368          [BUGFIX] .htaccess created for log folder outside PATH_site (Andreas Wolf)
2015-11-13  969763f  #69354          [BUGFIX] Fix l10n identifier string in date validator of EXT:form (Ralf Zimmermann)
2015-11-13  d17475f  #69817          [BUGFIX] EXT:form - error in mail process if label layout contains label (Ralf Zimmermann)
2015-11-13  618243a  #69356          [BUGFIX] Handling of uploaded files not within open_basedir (Morton Jonuschat)
2015-11-13  d1fc019  #66045          [BUGFIX] BackendUtility: Skip rendering thumbnails for anything but files (Morton Jonuschat)
2015-11-13  399689d  #69807          [BUGFIX] EXT:form - avoid number reduction in currency filter (Ralf Zimmermann)
2015-11-12  67f4a6b  #71544          [TASK] Fix deprecation-message in FormEngine (Stefan Neufeind)
2015-11-12  e911ecd  #71096          [BUGFIX] Replace old @dontvalidate with @ignorevalidation (Stefan Neufeind)
2015-11-12  38711f8  #70481          [BUGFIX] Ensure processing folder within another storage is created (Benjamin Mack)
2015-11-09  8e5e363  #71435,#70718   Revert &quot;[BUGFIX] IMG_RESOURCE does not prepend absRefPrefix&quot; (Andreas Allacher)
2015-11-06  8e93a19  #70685          [BUGFIX] Add img longdescUrl only if available (Benjamin Mack)
2015-11-05  07fb93a  #59226          [BUGFIX] Non-admins cannot use mass actions in a workspace (Oliver Hader)
2015-11-05  267843d  #71125          [TASK] Allow to define multiple DataHandler commands for one element (Oliver Hader)
2015-11-05  12fc7a3  #71342          [TASK] Extend functional test cases for copying data (Oliver Hader)
2015-11-04  0283889  #67764          [BUGFIX] t3editor: menu objects: common properties missing (Andreas Bouche)
2015-10-31  0ab0bb9  #70283          [TASK] Support EXT: syntax in TCA ctrl iconfile (Stephan Großberndt)
2015-10-31  7cf5133  #71222          [TASK] Add possibility to copy pages recursively in functional tests (Oliver Hader)
2015-10-31  46d6e9a  #70637          [BUGFIX] EXT:form - HIDDEN element cannot be accessed in form wizard (Björn Jacob)
2015-10-30  2183390  #71161          [BUGFIX] Workspace placeholder is not processed with eval-function (Oliver Hader)
2015-10-29  2a1ecdc  #71057          [BUGFIX] Add class alias of class loader to alias map (Helmut Hummel)
2015-10-29  d3fb300  #67303          [BUGFIX] Change default label for sys_file_references (Bernd Wilke)
2015-10-21  e3da3d2  #70864          [BUGFIX] Invalid behaviour with GeneralUtility::trimExplode() (Xavier Perseguers)
2015-10-20  db1be09  #68231          [BUGFIX] Allow log files to be outside PATH_site (Andreas Wolf)
2015-10-20  e3df787  #70632          [FOLLOWUP][TASK] Properly encode database input in Typo3DbQueryParser (Morton Jonuschat)
2015-10-20  59e2ff3  #70632          [TASK] Properly encode database input in Typo3DbQueryParser (Helmut Hummel)
2015-10-19  8937b59  #61750          [BUGFIX] Child sorting is lost after publishing workspace data (Oliver Hader)
2015-10-19  86ffeb5  #69967          [TASK] Extract data overlay handling to common class (Oliver Hader)
2015-10-19  f186f39  #70697          [BUGFIX] Possible silent fatal error with legacy extensions (Xavier Perseguers)
2015-10-17  fcf6f28  #63380          [BUGFIX] Add stdWrap support for Partial- and layoutRootPaths (Anja Leichsenring)
2015-10-11  c378495  #69263          [FOLLOWUP][BUGFIX] Do not crop inside known html tags (Benjamin Mack)
2015-10-11  aac1705  #69263          [BUGFIX] Do not crop inside known html tags (Benjamin Mack)
2015-10-09  f52c871  #69861          [BUGFIX] Support URLs in image tag generation (Nicole Cordes)
2015-10-08  6caf9a2  #70465          [TASK] Update static composer class loading (Helmut Hummel)
2015-10-08  6db8afe  #69476          [BUGFIX] Fix Liskov substitution violation in PackageManager (Helmut Hummel)
2015-10-08  3eaa271  #61179          [BUGFIX] Flaws in copying a page with localized content elements (Oliver Hader)
2015-10-06  1292b54  #70436          [TASK] Enforce optimized composer autoloader (Helmut Hummel)
2015-10-05  4ea7460  #65904          [BUGFIX] Prevent current extension version in update dialog (Nicole Cordes)
2015-10-01  2a990e0  #70264          [TASK] Prevent gathering update information on Ter installation (Nicole Cordes)
2015-09-30  cc04ac1  #69833          [BUGFIX] Use correct storage when getting public url of processed file (Nicole Cordes)
2015-09-25  5b81166  #70111          [BUGFIX] Use extension key for ExtensionManagementUtility::siteRelPath (Nicole Cordes)
2015-09-24  a8adda4  #69875          [BUGFIX] Use proper fieldname to check result in getFirstTimeValueForRecord() (Georg Ringer)
2015-09-23  25a6973  #69642          Revert &quot;[BUGFIX] Draft usergroup access rights are now respected&quot; (Alexander Opitz)
2015-09-23  f28e93d  #70053          [BUGFIX] Fix wrong TypoScript variable name in felogin documentation (Felix Heller)
2015-09-22  27ec0fc  #39383          [BUGFIX] Delete move placeholders upon record deletion (Bart Dubelaar)
2015-09-19  e6d091a  #69969          [TASK] Extend workspaces functional tests concerning move-placeholders (Oliver Hader)
2015-09-18  adbca66  #69953          [FOLLOWUP][BUGFIX] _languageUid property not set on insert (Morton Jonuschat)
2015-09-18  4f6d166  #65363,#65364   [BUGFIX] _languageUid property not set on insert (Marco Huber)
2015-09-18  361ad4d  #59112          [TASK] Add functional test cases for IRRE children without default sortby (Oliver Hader)
2015-09-14  4bfd041  #69304          [BUGFIX] InstallTool: Optimize ALTER TABLE for auto_increment columns (Morton Jonuschat)
2015-09-13  b8324a4  #68991          [BUGFIX] Correct TYPO3 logo used in icons (Benjamin Kott)
2015-09-13  86b0a64  #69762          [TASK] Enable color output for unit/functional tests (Mathias Brodala)
2015-09-11  c2c2d65  #69135          [BUGFIX] Fix BackendUtility::selectVersionsOfRecord parameter (Alexander Opitz)
2015-09-10  5380aa9  #69628          [BUGFIX] Wrong marker mentioned in documentation of ext:felogin (Wouter Wolters)
2015-09-10  119d960  #69516          [BUGFIX] IMG_RESOURCE does not prepend absRefPrefix (Heiko Kromm)
2015-09-09  d846878  #67245          [BUGFIX] Prevent information disclosure in file list (Nicole Cordes)
2015-09-09  95eb409  #27760          [BUGFIX] DBAL: Fix quoting of single quotes in WHERE values for MSSQL (Morton Jonuschat)
2015-09-09  c3fd350  #68585          [BUGFIX] Catch exceptions during extension update check (Nicole Cordes)
2015-09-08  a74669c                  [TASK] Set TYPO3 version to 6.2.16-dev (TYPO3 Release Team)