TYPO3 6.2.54 ELTS
This version is not supported anymore.
The TYPO3 CMS community supported from 2014-03-25 until 2017-04-04. Please consider updating to a newer version.
This release is a combined bug fix and security release.
Find more details in the security bulletins
With recent security-related changes, the escaping behaviour of ViewHelper arguments in Fluid has changed in a possibly breaking way. In case you encounter issues with this new behavior in a ViewHelper you can't fix, please add the following line into your
typo3conf/AdditionalConfiguration.php for each affected ViewHelper:
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'][\ACME\Extension\ViewHelpers\MyViewHelper::class] = true;
It is possible to disable the new escaping behavior globally as well, however, this is not recommended. To do so, please add the following line into your
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'] = true;
57799053f8384f8f97ca19935fc3ec2aa005b8febdbc4b5a6cc03cc8ae1cbc35 typo3_src-6.2.54.tar.gz ef806754b9280c757c5cbbbb1cd5572032d883a030971b4dd657d8e10f4f2321 typo3_src-6.2.54.zip
9043772afeb33316dbef8e4054244bc8 typo3_src-6.2.54.tar.gz ce1999de83e6569b08a5ffed046e3508 typo3_src-6.2.54.zip
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
- 2020-11-17 445fb4f76 Release version 6.2.54
- 2020-11-17 1004e76e5 [SECURITY] Protect persisted session IDs from being used directly
- 2020-11-17 57a3ba332 [SECURITY] Encode passed arguments in Fluid view helpers
- 2020-11-17 57342bbdb [SECURITY] Address XSS vulnerabilities in Fluid
- 2020-11-12 d0cd03538 [TASK] Support installation via Composer 2
- 2020-11-02 cd4b95b3f [TASK] Update build plans