TYPO3 9.5.17

Release Notes

Version 9.5.17

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2018-10-02 until 2021-09-30.
Extend your support now until 2024-09-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 9.5.17

This document contains information about TYPO3 CMS 9.5.17 which was released on 12.05.2020.

Get TYPO3 9.5.17 now

Checksums of TYPO3 9.5.17


342be5f4e5c2e8808fe5def99101973c021bd5987d56f67549101d6330666c5a typo3_src-9.5.17.tar.gz
78a8b4e5591d4ae0df278586722d47205eb1f2624e3642e9fad6bf4358558d0e typo3_src-9.5.17.zip


f1dec9a3d91e66a0f2acdf31656a5ec11ac0cf6a typo3_src-9.5.17.tar.gz
77688684ec44f73fa797571c3827201a23008b59 typo3_src-9.5.17.zip


81af79decdbf4bd5863cc71ff7fc4184 typo3_src-9.5.17.tar.gz
e7105cd552afd3ca8b9d806a640b9938 typo3_src-9.5.17.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/9.5.17/tar.gz
wget --content-disposition https://get.typo3.org/9.5.17/tar.gz.sig
gpg --verify typo3_src-9.5.17.tar.gz.sig typo3_src-9.5.17.tar.gz


The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.


Here is a list of what was fixed since 9.5.16:

  • 2020-05-12 33a59bca30 [RELEASE] Release of TYPO3 9.5.17 (thanks to Oliver Hader)
  • 2020-05-12 deaf931cf4 [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Oliver Hader)
  • 2020-05-12 7d4159f791 [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Oliver Hader)
  • 2020-05-12 fa3992d114 [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Oliver Hader)
  • 2020-05-12 931a4fc070 [SECURITY] Ensure decoded entities are encoded for HTML again (thanks to Oliver Hader)
  • 2020-05-12 109bf625ea [SECURITY] Escape shortened placeholder text in HTML output (thanks to Markus Klein)
  • 2020-05-12 c04ce95574 [TASK] Integrate server response security checks (thanks to Oliver Hader)
  • 2020-05-12 14849c32c4 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez)
  • 2020-05-12 d9616d6910 [BUGFIX] Revert PageReadPermission check for TreeController (thanks to Benni Mack)
  • 2020-05-12 89b080a338 [BUGFIX] Fix internal + external links with URLs fragment (thanks to Benni Mack)
  • 2020-05-12 49096b07e5 [BUGFIX] Enable Enhancer support for MountPoints (thanks to Benni Mack)
  • 2020-05-11 c71afa631e [BUGFIX] Only call getMovePlaceholder for MOVE_POINTER records (thanks to Benni Mack)
  • 2020-05-11 d3297faa12 [BUGFIX] Correctly evaluate "unique" eval for slug fields (thanks to David König)
  • 2020-05-11 db898e5a18 [BUGFIX] Fix HMENU special=directory when site language is in free mode (thanks to Benni Mack)
  • 2020-05-11 61aec7014e [BUGFIX] Do not deprecate $GLOBALS[TYPO3_REQUEST] (thanks to Benni Mack)
  • 2020-05-11 1688e52557 [BUGFIX] Fix typo in frontend usergroups CSH details text (thanks to Marcin Sągol)
  • 2020-05-10 10f755df33 [BUGFIX] Include composer dumpautoload in Test Plan Jobs (thanks to Anja Leichsenring)
  • 2020-05-09 feb1d091cb [TASK] Improve backend module Form description (thanks to Marcin Sągol)
  • 2020-05-09 f4f0dc0ecd [BUGFIX] Remove obsolete period in scheduler label (thanks to Daniel Goerz)
  • 2020-05-06 4978699fe2 [BUGFIX] Use correct slug for access restricted translated pages (thanks to Benni Mack)
  • 2020-05-06 f862f640f8 [BUGFIX] Use proper Fluid exception class (thanks to Andreas Fernandez)
  • 2020-05-06 9a4bcd7705 [BUGFIX] Lift restriction for restricted records in Routing Aspects (thanks to Benni Mack)
  • 2020-05-06 45d3d1150d [TASK] Avoid superfluous reference operator on objects (thanks to Oliver Hader)
  • 2020-05-06 25aa35b322 [TASK] Use proper function reference for backend route in test case (thanks to Oliver Hader)
  • 2020-05-06 df5e808447 [BUGFIX] Fix typo in identifier exists validation message in site configuration (thanks to Marcin Sągol)
  • 2020-05-05 326671fd23 [BUGFIX] Reset window.opener in backend and load modules if authenticated (thanks to Andreas Fernandez)
  • 2020-05-04 529a1cdbe4 [TASK] Respect disabled ElementBrowser also in TableList (thanks to Oliver Bartsch)
  • 2020-05-04 cb40a8cc90 [BUGFIX] Harden deprecation log handling (thanks to Helmut Hummel)
  • 2020-05-04 34fcc2dc9e [BUGFIX] Cache various where clauses of PageRepository (thanks to Benni Mack)
  • 2020-05-02 3ca5e7b4dc [TASK] Ensure login module is completely loaded and processed (thanks to Oliver Hader)
  • 2020-05-02 dd8cf23a63 [TASK] Use proper TypeScript functions instead of arrow functions (thanks to Oliver Hader)
  • 2020-04-30 bc5a5dfdb2 [TASK] Add tags to clearcachehook (thanks to Patrick Schriner)
  • 2020-04-28 0de69760b8 [BUGFIX] Correctly use trigger_error for deprecations (thanks to Markus Klein)
  • 2020-04-28 1fa44d3850 [BUGFIX] No longer use deprecated function writeDeprecationLogFileEntry (thanks to Sybille Peters)
  • 2020-04-28 4e2327141c [TASK] Set TYPO3 version to 9.5.17-dev (thanks to Benni Mack)