TYPO3 8.7.27

Release Notes

Version 8.7.27

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2017-04-04 until 2020-03-31.
Extend your support now until 2023-03-31 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 8.7.27

This document contains information about TYPO3 CMS 8.7.27 which was released on 25.06.2019.

Get TYPO3 v8.7.27 now

Checksums of TYPO3 8.7.27

SHA256

e3299e418a2db7fa795af8fe29012726dd19e3c95a655bbd03ff47b5f9657969 typo3_src-8.7.27.tar.gz
3126526a69955fa965dd2cb7efea6f71fc5440a08e746cb816b4859cb0716877 typo3_src-8.7.27.zip

SHA1

ded997c3e995105a680f0d52d78942ee62fd79d8 typo3_src-8.7.27.tar.gz
2f5accabc85241f0845691ad745d334902393840 typo3_src-8.7.27.zip

MD5

24705bdb4de9462005a084ef9e582571 typo3_src-8.7.27.tar.gz
3391878c41bd93dc489d48507cd64a01 typo3_src-8.7.27.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/8.7.27/tar.gz
wget --content-disposition https://get.typo3.org/8.7.27/tar.gz.sig
gpg --verify typo3_src-8.7.27.tar.gz.sig typo3_src-8.7.27.tar.gz

Upgrading

Some security fixes can be considered as breaking changes in order to apply strong security defaults. Please read the security bulletins carefully - manual adjustments concerning backward compatibility are described there as well.

Otherwise, the usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

Here is a list of what was fixed since [8.7.26]:

  • 2019-06-25 5664a903d2 [RELEASE] Release of TYPO3 8.7.27 (thanks to Benni Mack)
  • 2019-06-25 1f748c7697 [SECURITY] Disallow insecure deserialization for l18n_diffsource (thanks to Oliver Hader)
  • 2019-06-25 fde7576f4f [SECURITY] Deny pages' TSconfig and tsconfig_includes for non-admins (thanks to Oliver Hader)
  • 2019-06-25 9837ae3484 [!!!][SECURITY] Disallow session data transfer on frontend user logout (thanks to Oliver Hader)
  • 2019-06-25 96105753aa [SECURITY] Disallow javascript & data scheme in URL link handler (thanks to Oliver Hader)
  • 2019-06-25 61805ff787 [SECURITY] Check record permissions in record information popup (thanks to Andreas Fernandez)
  • 2019-06-19 7f5597e89b [BUGFIX] Use proper configuration when processing FlexForms in DataHandler (thanks to Benni Mack)
  • 2019-06-13 180fe53556 [BUGFIX] DragUploader: Remove trailing comma in ternary operation (thanks to Andreas Fernandez)
  • 2019-06-05 018fa63c15 [BUGFIX] Prevent division by zero when scaling image (thanks to Claus Due)
  • 2019-05-31 257395f147 [BUGFIX] Do not show message "Allowed file extensions" for internal_type="db" (thanks to c.essl)
  • 2019-05-31 8d5c45d28d [BUGFIX] Refresh browser cache when ckeditor config or plugins changes (thanks to Rémy DANIEL)
  • 2019-05-24 760d19ca25 [BUGFIX] Require jquery before using it when rendering ckeditor (thanks to Andreas Fernandez)
  • 2019-05-24 e9422c8a08 [BUGFIX] Ensure correct initialization of selectTree value (thanks to Nicole Cordes)
  • 2019-05-15 ec908fe372 [TASK] Set TYPO3 version to 8.7.27-dev (thanks to Oliver Hader)