TYPO3 8.7.40 ELTS
This document contains information about TYPO3 CMS 8.7.40 which was released on 16.03.2021.Get TYPO3 8.7.40 now
This release is a combined bug fix and security release.
Find more details in the security bulletins
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/8.7.40/tar.gz wget --content-disposition https://get.typo3.org/8.7.40/tar.gz.sig gpg --verify typo3_src-8.7.40.tar.gz.sig typo3_src-8.7.40.tar.gz
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
- 2021-03-16 18cadb5ddd [RELEASE] Release of TYPO3 8.7.40 (thanks to Andreas Fernandez)
- 2021-03-16 508671278a [SECURITY] Mitigate directly accessible file upload in form framework (thanks to Oliver Hader)
- 2021-03-16 3da15b5265 [BUGFIX] Fix serialization of FileReference objects (thanks to Benjamin Franzke)
- 2021-03-16 02e480fbfd [SECURITY] Mitigate XSS in PreviewRenderer for menus (thanks to Oliver Bartsch)
- 2021-03-16 c90682993f [SECURITY] Validate allowed values for form element editors (thanks to Ralf Zimmermann)
- 2021-03-16 81791cb730 [SECURITY] Avoid storing plain session identifier in $USER->uc (thanks to Oliver Hader)
- 2021-03-16 ef254cb10b [SECURITY] Prevent urls starting with // to be used for redirects (thanks to Torben Hansen)
- 2021-03-15 a3592edf13 [BUGFIX] Replace algo26-matthias/idna-convert with native PHP functionality (thanks to Andreas Fernandez)
- 2021-03-15 8acecee705 [BUGFIX] Fix serialization of FileReference objects (thanks to Benjamin Franzke)
- 2021-03-11 c653d3b823 [BUGFIX] Fix CGL in EXT:form's FluidFormRenderer.php (thanks to Andreas Fernandez)
- 2021-01-26 91675d82bd [BUGFIX] Loosen constraint of typo3/cms-composer-installers (thanks to Andreas Fernandez)
- 2021-01-25 a4dceec794 [TASK] Harden client-side SecurityUtility.encodeHtml (thanks to Oliver Hader)
- 2020-12-18 b84bf850e3 [TASK] Set TYPO3 version to 8.7.40-dev (thanks to Andreas Fernandez)