Release Notes for TYPO3 CMS 9.3.1

This document contains information about TYPO3 CMS 9.3.1 which was released on 12.07.2018.


Checksums of TYPO3 9.3.1


SHA256:
eb24eba9e9fa74cf674f229cd60208f5e0cdde36a2bfb3fff430e4daa8faa31a typo3_src-9.3.1.tar.gz
4b54a3254d662466744b553c470e313337aeeab2aa1d1a93ac30a0e02db87af4 typo3_src-9.3.1.zip

SHA1:
b74e88d424694d3b94a7fbf22fe9b6f674ce2966 typo3_src-9.3.1.tar.gz
81577dd4c8a5ebb83bed5178cae383fa2a610d95 typo3_src-9.3.1.zip

MD5:
1d3e26caec61ea2a12f2e6f4f338c763 typo3_src-9.3.1.tar.gz
ec7605854c0372a9e87d052d561d485a typo3_src-9.3.1.zip

Package Signatures

TYPO3 release packages (the downloadable tarballs and zip files) as well as Git tags are signed with PGP during the automated release process. In addition, MD5 and SHA2-256 hashes are generated for these files. More details on verifying signatures and hashes are in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/9.3.1/tar.gz
wget --content-disposition https://get.typo3.org/9.3.1/tar.gz.sig
gpg --verify typo3_src-9.3.1.tar.gz.sig typo3_src-9.3.1.tar.gz
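
`gpg --verify` as shown reports success for a good signature from any key in the local keyring, so a stricter check pins the expected signer fingerprint and also compares the archive against the SHA-256 value published on this page. The script below is an added example, not part of the TYPO3 release notes or tooling; `PINNED_FPR` is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed check of a downloaded release archive.
# PINNED_FPR is a placeholder, not the real TYPO3 release key; obtain the
# fingerprint from a trusted channel before use.
PINNED_FPR="0000000000000000000000000000000000000000"

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Succeed only if FILE hashes to the published value (case-insensitive hex).
check_sha256() {            # usage: check_sha256 FILE EXPECTED_HEX
    actual=$(sha256_of "$1" 2>/dev/null)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Read `gpg --status-fd 1` output on stdin. Succeed only if a VALIDSIG record
# names the pinned fingerprint (signing key or primary key) and no record
# reports a bad, expired or revoked signature/key.
status_has_pinned_sig() {   # usage: ... | status_has_pinned_sig FPR
    awk -v fpr="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Appending "" forces string comparison of the hex fingerprints.
        $2 == "VALIDSIG" && (($3 "") == (fpr "") || ($NF "") == (fpr "")) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }'
}

# Checksum first, then signature with fingerprint pinning.
verify_release() {          # usage: verify_release ARCHIVE SIG SHA256
    check_sha256 "$1" "$3" || { echo "checksum mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null \
        | status_has_pinned_sig "$PINNED_FPR" \
        || { echo "no valid signature from pinned key: $1" >&2; return 1; }
    echo "verified: $1"
}

# Run only when called with ARCHIVE SIG SHA256 arguments.
if [ "$#" -eq 3 ]; then verify_release "$@"; fi
```

Saved under a name of your choice, the script takes the archive, its `.sig` file and the SHA256 value listed above as its three arguments and exits non-zero on any mismatch.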


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section of the TYPO3 Install Tool offers an option to do so.


Here is a list of what was fixed since [9.3.0]:

  • 2018-07-12 5ee2abaaa7 [RELEASE] Release of TYPO3 9.3.1 (thanks to Oliver Hader)
  • 2018-07-12 74dde9f3f7 [BUGFIX] Fix test isolation and pre-requisites (thanks to Susanne Moog)
  • 2018-07-12 82eab987b6 [TASK] Fix CGL issues (thanks to Oliver Hader)
  • 2018-07-12 75f577e144 [TASK] Streamline FAL pre-emit signals for createFile and setContent (thanks to Oliver Hader)
  • 2018-07-12 098478acb3 [SECURITY][TASK] Remove support for native PHP yaml extension (thanks to Oliver Hader)
  • 2018-07-12 36b0b68d9a [SECURITY] Filter disallowed properties in form editor (thanks to Ralf Zimmermann)
  • 2018-07-12 769b628e94 [!!!][SECURITY] Deny direct FAL commands for form definitions (thanks to Susanne Moog)
  • 2018-07-12 31e417f7f0 [SECURITY] Explicitly deny object deserialization (thanks to Oliver Hader)
  • 2018-07-12 7f930854a4 [SECURITY] Mitigate phar stream wrapper (thanks to Christian Kuhn)
  • 2018-07-12 28e9420acb [SECURITY] Introduce PHP stream wrapper for phar:// protocol (thanks to Oliver Hader)
  • 2018-07-12 ed3ec27d64 [SECURITY] Deny authentication bypass using blowfish/md5 encryption (thanks to Oliver Hader)