TYPO3 7.6.40 ELTS

Release Notes

Version 7.6.40 ELTS

This version is not supported anymore.

The TYPO3 CMS community supported this version from 2015-11-10 until 2018-11-27. Extended security & compatibility support (ELTS) expired on 2022-11-30.

Please consider updating to a newer version.

Release Notes for TYPO3 CMS 7.6.40

This document contains information about TYPO3 CMS 7.6.40 which was released on 17.12.2019.



This release is a combined bug fix and security release.

Checksums of TYPO3 7.6.40


SHA256:
18b4ca7daaf80001225807e970780119000cffe8a07bd7da36a2981cd8db91fd typo3_src-7.6.40.tar.gz
ba7bdf4cf6a178ea1067f487e9d9e0eed9fd9d2cc5cc7de4dc1193be70d04add typo3_src-7.6.40.zip

SHA1:
f3972601156a0f013e6337d6bafc0fddbaf3abfc typo3_src-7.6.40.tar.gz
0c80beaa85135e16afb8f93065035a8b3141eaf8 typo3_src-7.6.40.zip

MD5:
9934b6c358011cb022ae986b918fbf99 typo3_src-7.6.40.tar.gz
daceea4aa720845b673c469c835ae05a typo3_src-7.6.40.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/7.6.40/tar.gz
wget --content-disposition https://get.typo3.org/7.6.40/tar.gz.sig
gpg --verify typo3_src-7.6.40.tar.gz.sig typo3_src-7.6.40.tar.gz
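
A checksum check to go with the signature verification above, as an added example that is not part of the TYPO3 release notes: it picks the SHA-256 entry for a file out of a list in the "<digest> <filename>" layout of the checksum section and fails closed when only weaker digests are listed. The function names and the checksums.txt file name are assumptions, and the script relies on the GNU coreutils sha256sum command and on file names without spaces.

```shell
#!/bin/sh
# Added example (not TYPO3 project code): verify a downloaded package against
# the SHA-256 entry of a checksum list with "<hex digest> <filename>" lines.

# sha256_from_list LIST FILE
# Print the 64-hex-digit (SHA-256) digest listed for FILE's basename.
# MD5 (32 digits) and SHA-1 (40 digits) lines for the same name are skipped,
# so a list that mixes algorithms cannot downgrade the check.
sha256_from_list() {
    awk -v name="$(basename "$2")" '
        $2 == name && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            print tolower($1); found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# verify_sha256 LIST FILE
# Return 0 only if FILE exists, LIST holds a SHA-256 entry for it, and the
# computed digest matches. Every other outcome is a failure (fail closed):
#   1 = digest mismatch, 2 = file missing, 3 = no SHA-256 entry in LIST.
verify_sha256() {
    [ -f "$2" ] || { echo "missing file: $2" >&2; return 2; }
    expected=$(sha256_from_list "$1" "$2") || {
        echo "no SHA-256 entry for $(basename "$2")" >&2
        return 3
    }
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $(basename "$2")"
    else
        echo "MISMATCH: $(basename "$2")" >&2
        return 1
    fi
}

# Usage, with the checksum lines saved to a local file (assumed name):
#   verify_sha256 checksums.txt typo3_src-7.6.40.tar.gz
```

A matching digest only shows the download is intact relative to the published list; the gpg --verify step is what ties the package to the release signing key.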


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers a corresponding option to do so.


  • 2019-12-17 e7abe0c4e8 [RELEASE] Release of TYPO3 7.6.40 (thanks to Andreas Fernandez)
  • 2019-12-17 210248b4be [SECURITY] Avoid XSS by correctly encoding typolink results (thanks to Oliver Hader)
  • 2019-12-17 1b1cbc3b10 [SECURITY] Prevent SQLi in ext:lowlevel QueryGenerator (thanks to Frank Naegler)
  • 2019-12-17 ab2639f75b [TASK] Streamline frontend user password recovery process (thanks to Oliver Hader)
  • 2019-12-17 7368f69825 [SECURITY] Avoid directory traversal on archive extraction (thanks to Andreas Fernandez)
  • 2019-12-17 749ac0c1a5 [SECURITY] XSS in file list through file extension (thanks to Andreas Fernandez)
  • 2019-12-17 b66cdbf28c [SECURITY] Avoid insecure deserialization in QueryGenerator & QueryView (thanks to Frank Naegler)
  • 2019-12-16 ab2de5cc12 [SECURITY] Avoid possible insecure deserialization in Extbase (thanks to Oliver Hader)
  • 2019-12-09 eb76b620bf [BUGFIX] Prevent encoding of search form (thanks to Andreas Fernandez)