TYPO3 6.0.12
Release Notes
This version is not supported anymore.
The TYPO3 CMS community supported from 2012-11-27 until 2013-04-30. Extended security & compatibility support (ELTS) expired on 2016-04-30.
Please consider updating to a newer version.
∫
Release Notes for TYPO3 CMS 6.0.12
This document contains information about TYPO3 CMS 6.0.12 which was released on December 10th, 2013.
News
This release is a security release.
Notes
Due to security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.5.32, 4.7.17, 6.0.12 and 6.1.7.\ Find more details in the security bulletin: <https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/>
Download
<https://typo3.org/download/>
MD5 checksums
07c789c3986778fc5a6d10d71c2ee093 blankpackage-6.0.12.tar.gz
9f581f1531fbd53c2ff5ac01af607f92 blankpackage-6.0.12.zip
da0b1a03940f0f968cab4d63a0cdfae6 dummy-6.0.12.tar.gz
aea7b13c14b0a172b8fc699748f5d8e4 dummy-6.0.12.zip
19d97301de624a5996eae506aeb995d8 typo3_src+dummy-6.0.12.zip
8238e4af63bfbca34d43193065604d34 typo3_src-6.0.12.tar.gz
25ba5afe61b5d426a1895fb298536b7a typo3_src-6.0.12.zip
Upgrading
The usual upgrading procedure applies. No database updates are necessary.
Changes
Here is a list of what was fixed since [6.0.11](TYPO3_6.0.11 "wikilink"):
- [RELEASE] Release of TYPO3 6.0.12
- [SECURITY] XSS in header link of all content elements (#31206)
- [SECURITY] XSS in colorpicker wizard (#42772)
- [SECURITY] Prevent editor controlled hmac content (#45043)
- [SECURITY] XSS in backend user adminstration (#48691)
- [SECURITY] Information Disclosure in Wizards (#41714)
- [SECURITY] Fix open redirection in openid extension (#54099)
- [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (#48187)
- [SECURITY] XSS in be_layout wizard (#36768)
- [SECURITY] XSS in beuser VH (#47086)
- [SECURITY] Remove possible XSS from ActionController Error output (#54074)
- [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (#54073)
- [BUGFIX] ClientUtility does not detect Internet Explorer 11 (#54124)
- [BUGFIX] Add missing namespacing for calling GeneralUtility (#54117)
- [BUGFIX] ext:adodb Restrict connection wizard to admins (#42651)
- [TASK] Set TYPO3 version to 6.0.12-dev