This release is a combined bug fix and security release.
Find more details in the security bulletins:
e3299e418a2db7fa795af8fe29012726dd19e3c95a655bbd03ff47b5f9657969 typo3_src-8.7.27.tar.gz
3126526a69955fa965dd2cb7efea6f71fc5440a08e746cb816b4859cb0716877 typo3_src-8.7.27.zip
ded997c3e995105a680f0d52d78942ee62fd79d8 typo3_src-8.7.27.tar.gz
2f5accabc85241f0845691ad745d334902393840 typo3_src-8.7.27.zip
24705bdb4de9462005a084ef9e582571 typo3_src-8.7.27.tar.gz
3391878c41bd93dc489d48507cd64a01 typo3_src-8.7.27.zip
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Example of verifying the integrity of the tar.gz package of the current release:
wget --content-disposition https://get.typo3.org/8.7.27/tar.gz
wget --content-disposition https://get.typo3.org/8.7.27/tar.gz.sig
gpg --verify typo3_src-8.7.27.tar.gz.sig typo3_src-8.7.27.tar.gz
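The hash comparison that goes with the signature check above, as an added example that is not part of the TYPO3 release notes or tooling: it fails closed on a mismatch and rejects an expected value of the wrong length, such as an MD5 or SHA-1 digest pasted by mistake. The function names `sha256_of` and `verify_sha256` are hypothetical, and the expected value is assumed to be the SHA2-256 digest because it is the 64-hex-digit value listed above for the tar.gz.

```shell
#!/bin/sh
# Added example, not TYPO3 tooling. Function names are hypothetical.

# Value listed on this page for typo3_src-8.7.27.tar.gz; assumed to be SHA2-256
# because it is 64 hex digits long.
PUBLISHED_SHA256=e3299e418a2db7fa795af8fe29012726dd19e3c95a655bbd03ff47b5f9657969

# sha256_of FILE: print the lowercase hex digest with whichever tool is installed.
# The file is fed on stdin so an odd file name is never parsed as an option.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    fi
}

# verify_sha256 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = unusable input.
verify_sha256() {
    vs_file=$1
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    # Refuse anything that is not exactly 64 hex digits, e.g. an MD5 or SHA-1
    # value pasted by mistake or a truncated copy.
    case $vs_expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_expected}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 2; }
    vs_actual=$(sha256_of "$vs_file")
    if [ "$vs_actual" = "$vs_expected" ]; then
        echo "OK: $vs_file"
        return 0
    fi
    echo "MISMATCH: $vs_file has $vs_actual" >&2
    return 1
}

# Stand-alone use: sh verify.sh typo3_src-8.7.27.tar.gz
# Checks the hash first, then the detached signature, and stops on either failure.
if [ "$#" -eq 1 ]; then
    verify_sha256 "$1" "$PUBLISHED_SHA256" && gpg --verify "$1.sig" "$1"
fi
```

A matching hash only shows that the download equals what this page lists; authenticity of the package rests on the PGP signature and on confirming which key produced it.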
Some security fixes can be considered breaking changes because they apply strong security defaults. Please read the security bulletins carefully; manual adjustments concerning backward compatibility are described there as well.
Otherwise, the usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers an option to do so.
Here is a list of what was fixed since 8.7.26:
- 2019-06-25 5664a903d2 [RELEASE] Release of TYPO3 8.7.27 (thanks to Benni Mack)
- 2019-06-25 1f748c7697 [SECURITY] Disallow insecure deserialization for l18n_diffsource (thanks to Oliver Hader)
- 2019-06-25 fde7576f4f [SECURITY] Deny pages' TSconfig and tsconfig_includes for non-admins (thanks to Oliver Hader)
- 2019-06-25 9837ae3484 [!!!][SECURITY] Disallow session data transfer on frontend user logout (thanks to Oliver Hader)
- 2019-06-25 61805ff787 [SECURITY] Check record permissions in record information popup (thanks to Andreas Fernandez)
- 2019-06-19 7f5597e89b [BUGFIX] Use proper configuration when processing FlexForms in DataHandler (thanks to Benni Mack)
- 2019-06-13 180fe53556 [BUGFIX] DragUploader: Remove trailing comma in ternary operation (thanks to Andreas Fernandez)
- 2019-06-05 018fa63c15 [BUGFIX] Prevent division by zero when scaling image (thanks to Claus Due)
- 2019-05-31 257395f147 [BUGFIX] Do not show message "Allowed file extensions" for internal_type="db" (thanks to c.essl)
- 2019-05-31 8d5c45d28d [BUGFIX] Refresh browser cache when ckeditor config or plugins changes (thanks to Rémy DANIEL)
- 2019-05-24 760d19ca25 [BUGFIX] Require jquery before using it when rendering ckeditor (thanks to Andreas Fernandez)
- 2019-05-24 e9422c8a08 [BUGFIX] Ensure correct initialization of selectTree value (thanks to Nicole Cordes)
- 2019-05-15 ec908fe372 [TASK] Set TYPO3 version to 8.7.27-dev (thanks to Oliver Hader)