TYPO3 8.7.40 ELTS

Release Notes

Version 8.7.40 ELTS

This version is not supported anymore.

The TYPO3 CMS community supported from 2017-04-04 until 2020-03-31. Extended security & compatibility support (ELTS) expired on 2024-03-31.

Please consider updating to a newer version.

Release Notes for TYPO3 CMS 8.7.40

This document contains information about TYPO3 CMS 8.7.40 which was released on 16.03.2021.

Get TYPO3 8.7.40 now

Checksums of TYPO3 8.7.40


b5b581cf8b9b0303059f3da5b1c939d24b377593f2467a08bd9571da60ca0354 typo3_src-8.7.40.tar.gz
df38bf9526cea64b2601371d833bd8b2f0722733d20057f54496688f5303a1fe typo3_src-8.7.40.zip


6782b2f5d819dc726a5fd1158a40e18c32aec66a typo3_src-8.7.40.tar.gz
2e6915a8fbe27a2a061411bfa7eca922f6a4ece2 typo3_src-8.7.40.zip


c03ceb78026c5d5a61cfb20b58f407d6 typo3_src-8.7.40.tar.gz
066295808acbc79e81a59b351bd5f7c3 typo3_src-8.7.40.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/8.7.40/tar.gz
wget --content-disposition https://get.typo3.org/8.7.40/tar.gz.sig
gpg --verify typo3_src-8.7.40.tar.gz.sig typo3_src-8.7.40.tar.gz


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


  • 2021-03-16 18cadb5ddd [RELEASE] Release of TYPO3 8.7.40 (thanks to Andreas Fernandez)
  • 2021-03-16 508671278a [SECURITY] Mitigate directly accessible file upload in form framework (thanks to Oliver Hader)
  • 2021-03-16 3da15b5265 [BUGFIX] Fix serialization of FileReference objects (thanks to Benjamin Franzke)
  • 2021-03-16 02e480fbfd [SECURITY] Mitigate XSS in PreviewRenderer for menus (thanks to Oliver Bartsch)
  • 2021-03-16 c90682993f [SECURITY] Validate allowed values for form element editors (thanks to Ralf Zimmermann)
  • 2021-03-16 81791cb730 [SECURITY] Avoid storing plain session identifier in $USER->uc (thanks to Oliver Hader)
  • 2021-03-16 ef254cb10b [SECURITY] Prevent urls starting with // to be used for redirects (thanks to Torben Hansen)
  • 2021-03-15 a3592edf13 [BUGFIX] Replace algo26-matthias/idna-convert with native PHP functionality (thanks to Andreas Fernandez)
  • 2021-03-15 8acecee705 [BUGFIX] Fix serialization of FileReference objects (thanks to Benjamin Franzke)
  • 2021-03-11 c653d3b823 [BUGFIX] Fix CGL in EXT:form's FluidFormRenderer.php (thanks to Andreas Fernandez)
  • 2021-01-26 91675d82bd [BUGFIX] Loosen constraint of typo3/cms-composer-installers (thanks to Andreas Fernandez)
  • 2021-01-25 a4dceec794 [TASK] Harden client-side SecurityUtility.encodeHtml (thanks to Oliver Hader)
  • 2020-12-18 b84bf850e3 [TASK] Set TYPO3 version to 8.7.40-dev (thanks to Andreas Fernandez)