TYPO3 6.2.54 ELTS

Release Notes

Version 6.2.54 ELTS

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2014-03-25 until 2017-04-04.
Extend your support now until 2021-03-31 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 6.2.54

This document contains information about TYPO3 CMS 6.2.54 which was released on 17.11.2020.

Get TYPO3 v6.2.54 now

News

This release is a combined bug fix and security release.

Find more details in the security bulletins

With recent security-related changes, the escaping behaviour of ViewHelper arguments in Fluid has changed in a possibly breaking way. In case you encounter issues with this new behavior in a ViewHelper you can't fix, please add the following line into your typo3conf/AdditionalConfiguration.php for each affected ViewHelper:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'][\ACME\Extension\ViewHelpers\MyViewHelper::class] = true;

It is possible to disable the new escaping behavior globally as well, however, this is not recommended. To do so, please add the following line into your typo3conf/AdditionalConfiguration.php:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'] = true;

Checksums of TYPO3 6.2.54

SHA256

57799053f8384f8f97ca19935fc3ec2aa005b8febdbc4b5a6cc03cc8ae1cbc35 typo3_src-6.2.54.tar.gz
ef806754b9280c757c5cbbbb1cd5572032d883a030971b4dd657d8e10f4f2321 typo3_src-6.2.54.zip

MD5

9043772afeb33316dbef8e4054244bc8 typo3_src-6.2.54.tar.gz
ce1999de83e6569b08a5ffed046e3508 typo3_src-6.2.54.zip

Upgrading

The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

  • 2020-11-17 445fb4f76 Release version 6.2.54
  • 2020-11-17 1004e76e5 [SECURITY] Protect persisted session IDs from being used directly
  • 2020-11-17 57a3ba332 [SECURITY] Encode passed arguments in Fluid view helpers
  • 2020-11-17 57342bbdb [SECURITY] Address XSS vulnerabilities in Fluid
  • 2020-11-12 d0cd03538 [TASK] Support installation via Composer 2
  • 2020-11-02 cd4b95b3f [TASK] Update build plans