TYPO3 7.6.48 ELTS

Release Notes

Version 7.6.48 ELTS

This version is not supported anymore.

The TYPO3 CMS community supported from 2015-11-10 until 2018-11-27. Extended security & compatibility support (ELTS) expired on 2022-11-30.

Please consider updating to a newer version.

Release Notes for TYPO3 CMS 7.6.48

This document contains information about TYPO3 CMS 7.6.48 which was released on 17.11.2020.

Get TYPO3 7.6.48 now

News

This release is a combined bug fix and security release.

Find more details in the security bulletins

With recent security-related changes, the escaping behaviour of ViewHelper arguments in Fluid has changed in a possibly breaking way. In case you encounter issues with this new behavior in a ViewHelper you can't fix, please add the following line into your typo3conf/AdditionalConfiguration.php for each affected ViewHelper:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'][\ACME\Extension\ViewHelpers\MyViewHelper::class] = true;

It is possible to disable the new escaping behavior globally as well, however, this is not recommended. To do so, please add the following line into your typo3conf/AdditionalConfiguration.php:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['fluid']['security']['disableNewEscapingBehavior'] = true;

Checksums of TYPO3 7.6.48

SHA256

123890d21c8df5d305926854c56e1b601765bdabead1bed03f25455d170ab07f typo3_src-7.6.48.tar.gz
8b4fd6705c318b85259d38b7c277b6761145e9de5f13521f77ffd8b7b0c867ec typo3_src-7.6.48.zip

SHA1

839483be926da01702887b0051854b8f0884ec86 typo3_src-7.6.48.tar.gz
58bd1c158aee1ce11b6102cf5dee22fbdbc384f1 typo3_src-7.6.48.zip

MD5

2568b7f0d6028bd79b87b838f7f83403 typo3_src-7.6.48.tar.gz
b84bf5c802e7aa8a662fd7106e222830 typo3_src-7.6.48.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/7.6.48/tar.gz
wget --content-disposition https://get.typo3.org/7.6.48/tar.gz.sig
gpg --verify typo3_src-7.6.48.tar.gz.sig typo3_src-7.6.48.tar.gz

Upgrading

The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

  • 2020-11-17 47413cbaff [RELEASE] Release of TYPO3 7.6.48 (thanks to Andreas Fernandez)
  • 2020-11-17 cead1b3071 [SECURITY] Protect persisted session IDs from being used directly (thanks to Alexander Schnitzler)
  • 2020-11-17 69d60e991a [SECURITY] Encode passed arguments in Fluid view helpers #19 (thanks to Andreas Fernandez)
  • 2020-11-17 495e050ef7 [SECURITY] Address XSS vulnerabilities in Fluid (thanks to Andreas Fernandez)
  • 2020-11-12 28f2422f2b [TASK] Upgrade typo3/phar-stream-wrapper to v2.2.1 (thanks to Andreas Fernandez)
  • 2020-11-12 f8cd15e3ab [TASK] Support installation via Composer 2 (thanks to Andreas Fernandez)
  • 2020-11-02 b31f53f99b [TASK] Update build plans (thanks to Andreas Fernandez)
  • 2020-09-08 c9cd863989 [TASK] Set TYPO3 version to 7.6.48-dev (thanks to Andreas Fernandez)