TYPO3 7.6.40 ELTS

Release Notes

Version 7.6.40 ELTS

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2015-11-10 until 2018-11-27.
Extend your support now until 2021-11-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 7.6.40

This document contains information about TYPO3 CMS 7.6.40 which was released on 17.12.2019.

Get TYPO3 v7.6.40 now


This is TYPO3 CMS ELTS Release of version 7.6.40

Checksums of TYPO3 7.6.40


18b4ca7daaf80001225807e970780119000cffe8a07bd7da36a2981cd8db91fd typo3_src-7.6.40.tar.gz
ba7bdf4cf6a178ea1067f487e9d9e0eed9fd9d2cc5cc7de4dc1193be70d04add typo3_src-7.6.40.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/7.6.40/tar.gz
wget --content-disposition https://get.typo3.org/7.6.40/tar.gz.sig
gpg --verify typo3_src-7.6.40.tar.gz.sig typo3_src-7.6.40.tar.gz


  • 2019-12-17 e7abe0c4e8 [RELEASE] Release of TYPO3 7.6.40 (thanks to Andreas Fernandez)
  • 2019-12-17 210248b4be [SECURITY] Avoid XSS by correctly encoding typolink results (thanks to Oliver Hader)
  • 2019-12-17 1b1cbc3b10 [SECURITY] Prevent SQLi in ext:lowlevel QueryGenerator (thanks to Frank Naegler)
  • 2019-12-17 ab2639f75b [TASK] Streamline frontend user password recovery process (thanks to Oliver Hader)
  • 2019-12-17 7368f69825 [SECURITY] Avoid directory traversal on archive extraction (thanks to Andreas Fernandez)
  • 2019-12-17 749ac0c1a5 [SECURITY] XSS in file list through file extension (thanks to Andreas Fernandez)
  • 2019-12-17 b66cdbf28c [SECURITY] Avoid insecure deserialization in QueryGenerator & QueryView (thanks to Frank Naegler)
  • 2019-12-16 ab2de5cc12 [SECURITY] Avoid possible insecure deserialization in Extbase (thanks to Oliver Hader)
  • 2019-12-09 eb76b620bf [BUGFIX] Prevent encoding of search form (thanks to Andreas Fernandez)