TYPO3 8.6.1

Release Notes

Version 8.6.1

This version is not supported anymore.

The TYPO3 CMS community supported from 2017-04-04 until 2020-03-31. Extended security & compatibility support (ELTS) expired on 2024-03-31.

Please consider updating to a newer version.

Release Notes for TYPO3 CMS 8.6.1

This document contains information about TYPO3 CMS 8.6.1 which was released on February 28th, 2017.


This release is a combined bug fix and security release.


Find more details in the security bulletins:



MD5 checksums

77f0c3d42758f2f14f3a1fb5542b9a29  typo3_src-8.6.1.tar.gz
74b3874d5a4be2979ea3dbba46382961  typo3_src-8.6.1.zip

SHA256 checksums

4edf44df3c1e7fc6d00c106843b522c3bd66c0a74edc7b9137e112b7898733fa  typo3_src-8.6.1.tar.gz
5b31c77f6f89edbcc06847f1017b2fefb1c5e81e1f2c006fa9d4da21ac0b00fc  typo3_src-8.6.1.zip


The usual upgrading procedure applies. No database updates are necessary.\ It might be required to clear all caches; the “important actions” section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since [8.6.0](TYPO3_CMS_8.6.0 "wikilink"):

5ef31ecdde [RELEASE] Release of TYPO3 8.6.1
278af8209d [SECURITY] Prevent possible XSS in Fluid templates
61dd8f4328 [SECURITY] Prevent login of restricted users
1c5765398a [BUGFIX] Don&#039;t update passwords if left untouched

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/8.6.1/tar.gz
wget --content-disposition https://get.typo3.org/8.6.1/tar.gz.sig
gpg --verify typo3_src-8.6.1.tar.gz.sig typo3_src-8.6.1.tar.gz