TYPO3 7.6.48 ELTS

Release Notes

Version 7.6.48 ELTS

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2015-11-10 until 2018-11-27.
Extend your support now until 2021-11-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 7.6.48

This document contains information about TYPO3 CMS 7.6.48 which was released on 17.11.2020.

Get TYPO3 v7.6.48 now

News

This release is a combined bug fix and security release.

Find more details in the security bulletins

With recent security-related changes, the escaping behaviour of ViewHelper arguments in Fluid has changed in a possibly breaking way. In case you encounter issues with this new behavior in a ViewHelper you can't fix, please add the following line into your typo3conf/AdditionalConfiguration.php for each affected ViewHelper:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'][\ACME\Extension\ViewHelpers\MyViewHelper::class] = true;

It is possible to disable the new escaping behavior globally as well, however, this is not recommended. To do so, please add the following line into your typo3conf/AdditionalConfiguration.php:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'] = true;

Checksums of TYPO3 7.6.48

SHA256

123890d21c8df5d305926854c56e1b601765bdabead1bed03f25455d170ab07f typo3_src-7.6.48.tar.gz
8b4fd6705c318b85259d38b7c277b6761145e9de5f13521f77ffd8b7b0c867ec typo3_src-7.6.48.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/7.6.48/tar.gz
wget --content-disposition https://get.typo3.org/7.6.48/tar.gz.sig
gpg --verify typo3_src-7.6.48.tar.gz.sig typo3_src-7.6.48.tar.gz

Upgrading

The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

  • 2020-11-17 47413cbaff [RELEASE] Release of TYPO3 7.6.48 (thanks to Andreas Fernandez)
  • 2020-11-17 cead1b3071 [SECURITY] Protect persisted session IDs from being used directly (thanks to Alexander Schnitzler)
  • 2020-11-17 69d60e991a [SECURITY] Encode passed arguments in Fluid view helpers #19 (thanks to Andreas Fernandez)
  • 2020-11-17 495e050ef7 [SECURITY] Address XSS vulnerabilities in Fluid (thanks to Andreas Fernandez)
  • 2020-11-12 28f2422f2b [TASK] Upgrade typo3/phar-stream-wrapper to v2.2.1 (thanks to Andreas Fernandez)
  • 2020-11-12 f8cd15e3ab [TASK] Support installation via Composer 2 (thanks to Andreas Fernandez)
  • 2020-11-02 b31f53f99b [TASK] Update build plans (thanks to Andreas Fernandez)
  • 2020-09-08 c9cd863989 [TASK] Set TYPO3 version to 7.6.48-dev (thanks to Andreas Fernandez)