This document contains information about TYPO3 CMS 9.3.1 which was released on 12.07.2018.Get TYPO3 9.3.1 now
This release is a combined bug fix and security release.
Find more details in the security bulletins:
eb24eba9e9fa74cf674f229cd60208f5e0cdde36a2bfb3fff430e4daa8faa31a typo3_src-9.3.1.tar.gz 4b54a3254d662466744b553c470e313337aeeab2aa1d1a93ac30a0e02db87af4 typo3_src-9.3.1.zip
b74e88d424694d3b94a7fbf22fe9b6f674ce2966 typo3_src-9.3.1.tar.gz 81577dd4c8a5ebb83bed5178cae383fa2a610d95 typo3_src-9.3.1.zip
1d3e26caec61ea2a12f2e6f4f338c763 typo3_src-9.3.1.tar.gz ec7605854c0372a9e87d052d561d485a typo3_src-9.3.1.zip
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/9.3.1/tar.gz wget --content-disposition https://get.typo3.org/9.3.1/tar.gz.sig gpg --verify typo3_src-9.3.1.tar.gz.sig typo3_src-9.3.1.tar.gz
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Here is a list of what was fixed since [9.3.0]:
- 2018-07-12 5ee2abaaa7 [RELEASE] Release of TYPO3 9.3.1 (thanks to Oliver Hader)
- 2018-07-12 74dde9f3f7 [BUGFIX] Fix test isolation and pre-requisites (thanks to Susanne Moog)
- 2018-07-12 82eab987b6 [TASK] Fix CGL issues (thanks to Oliver Hader)
- 2018-07-12 75f577e144 [TASK] Streamline FAL pre-emit signals for createFile and setContent (thanks to Oliver Hader)
- 2018-07-12 098478acb3 [SECURITY][TASK] Remove support for native PHP yaml extension (thanks to Oliver Hader)
- 2018-07-12 36b0b68d9a [SECURITY] Filter disallowed properties in form editor (thanks to Ralf Zimmermann)
- 2018-07-12 769b628e94 [!!!][SECURITY] Deny direct FAL commands for form definitions (thanks to Susanne Moog)
- 2018-07-12 31e417f7f0 [SECURITY] Explicitly deny object deserialization (thanks to Oliver Hader)
- 2018-07-12 7f930854a4 [SECURITY] Mitigate phar stream wrapper (thanks to Christian Kuhn)
- 2018-07-12 28e9420acb [SECURITY] Introduce PHP stream wrapper for phar:// protocol (thanks to Oliver Hader)
- 2018-07-12 ed3ec27d64 [SECURITY] Deny authentication bypass using blowfish/md5 encryption (thanks to Oliver Hader)