TYPO3 7.6.48 ELTS
Release Notes for TYPO3 CMS 7.6.48
This document contains information about TYPO3 CMS 7.6.48 which was released on 17.11.2020.Get TYPO3 v7.6.48 now
This release is a combined bug fix and security release.
Find more details in the security bulletins
With recent security-related changes, the escaping behaviour of ViewHelper arguments in Fluid has changed in a possibly breaking way. In case you encounter issues with this new behavior in a ViewHelper you can't fix, please add the following line into your
typo3conf/AdditionalConfiguration.php for each affected ViewHelper:
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'][\ACME\Extension\ViewHelpers\MyViewHelper::class] = true;
It is possible to disable the new escaping behavior globally as well, however, this is not recommended. To do so, please add the following line into your
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'] = true;
Checksums of TYPO3 7.6.48
123890d21c8df5d305926854c56e1b601765bdabead1bed03f25455d170ab07f typo3_src-7.6.48.tar.gz 8b4fd6705c318b85259d38b7c277b6761145e9de5f13521f77ffd8b7b0c867ec typo3_src-7.6.48.zip
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/7.6.48/tar.gz wget --content-disposition https://get.typo3.org/7.6.48/tar.gz.sig gpg --verify typo3_src-7.6.48.tar.gz.sig typo3_src-7.6.48.tar.gz
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
- 2020-11-17 47413cbaff [RELEASE] Release of TYPO3 7.6.48 (thanks to Andreas Fernandez)
- 2020-11-17 cead1b3071 [SECURITY] Protect persisted session IDs from being used directly (thanks to Alexander Schnitzler)
- 2020-11-17 69d60e991a [SECURITY] Encode passed arguments in Fluid view helpers #19 (thanks to Andreas Fernandez)
- 2020-11-17 495e050ef7 [SECURITY] Address XSS vulnerabilities in Fluid (thanks to Andreas Fernandez)
- 2020-11-12 28f2422f2b [TASK] Upgrade typo3/phar-stream-wrapper to v2.2.1 (thanks to Andreas Fernandez)
- 2020-11-12 f8cd15e3ab [TASK] Support installation via Composer 2 (thanks to Andreas Fernandez)
- 2020-11-02 b31f53f99b [TASK] Update build plans (thanks to Andreas Fernandez)
- 2020-09-08 c9cd863989 [TASK] Set TYPO3 version to 7.6.48-dev (thanks to Andreas Fernandez)