TYPO3 9.5.17
Release Notes
Stay secure and up-to-date with TYPO3 ELTS!
The TYPO3 CMS community supported from 2018-10-02
until 2021-09-30.
Extend your support now until 2024-09-30 to
get access to the latest security and compatibility updates for this version.
Release Notes for TYPO3 CMS 9.5.17
This document contains information about TYPO3 CMS 9.5.17 which was released on 12.05.2020.
Get TYPO3 9.5.17 nowNews
This release is a combined bug fix and security release.
Find more details in the security bulletins:
- https://typo3.org/security/advisory/typo3-core-sa-2020-002
- https://typo3.org/security/advisory/typo3-core-sa-2020-003
- https://typo3.org/security/advisory/typo3-core-sa-2020-004
- https://typo3.org/security/advisory/typo3-core-sa-2020-005
- https://typo3.org/security/advisory/typo3-core-sa-2020-006
Checksums of TYPO3 9.5.17
SHA256
342be5f4e5c2e8808fe5def99101973c021bd5987d56f67549101d6330666c5a typo3_src-9.5.17.tar.gz 78a8b4e5591d4ae0df278586722d47205eb1f2624e3642e9fad6bf4358558d0e typo3_src-9.5.17.zip
SHA1
f1dec9a3d91e66a0f2acdf31656a5ec11ac0cf6a typo3_src-9.5.17.tar.gz 77688684ec44f73fa797571c3827201a23008b59 typo3_src-9.5.17.zip
MD5
81af79decdbf4bd5863cc71ff7fc4184 typo3_src-9.5.17.tar.gz e7105cd552afd3ca8b9d806a640b9938 typo3_src-9.5.17.zip
Package Signatures
TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.
Download GPG signed release README.md file
Example of verifying integrity of tar.gz package of current release:
wget --content-disposition https://get.typo3.org/9.5.17/tar.gz wget --content-disposition https://get.typo3.org/9.5.17/tar.gz.sig gpg --verify typo3_src-9.5.17.tar.gz.sig typo3_src-9.5.17.tar.gz
Upgrading
The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.
Changes
Here is a list of what was fixed since 9.5.16:
- 2020-05-12 33a59bca30 [RELEASE] Release of TYPO3 9.5.17 (thanks to Oliver Hader)
- 2020-05-12 deaf931cf4 [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Oliver Hader)
- 2020-05-12 7d4159f791 [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Oliver Hader)
- 2020-05-12 fa3992d114 [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Oliver Hader)
- 2020-05-12 931a4fc070 [SECURITY] Ensure decoded entities are encoded for HTML again (thanks to Oliver Hader)
- 2020-05-12 109bf625ea [SECURITY] Escape shortened placeholder text in HTML output (thanks to Markus Klein)
- 2020-05-12 c04ce95574 [TASK] Integrate server response security checks (thanks to Oliver Hader)
- 2020-05-12 14849c32c4 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez)
- 2020-05-12 d9616d6910 [BUGFIX] Revert PageReadPermission check for TreeController (thanks to Benni Mack)
- 2020-05-12 89b080a338 [BUGFIX] Fix internal + external links with URLs fragment (thanks to Benni Mack)
- 2020-05-12 49096b07e5 [BUGFIX] Enable Enhancer support for MountPoints (thanks to Benni Mack)
- 2020-05-11 c71afa631e [BUGFIX] Only call getMovePlaceholder for MOVE_POINTER records (thanks to Benni Mack)
- 2020-05-11 d3297faa12 [BUGFIX] Correctly evaluate "unique" eval for slug fields (thanks to David König)
- 2020-05-11 db898e5a18 [BUGFIX] Fix HMENU special=directory when site language is in free mode (thanks to Benni Mack)
- 2020-05-11 61aec7014e [BUGFIX] Do not deprecate $GLOBALS[TYPO3_REQUEST] (thanks to Benni Mack)
- 2020-05-11 1688e52557 [BUGFIX] Fix typo in frontend usergroups CSH details text (thanks to Marcin Sągol)
- 2020-05-10 10f755df33 [BUGFIX] Include composer dumpautoload in Test Plan Jobs (thanks to Anja Leichsenring)
- 2020-05-09 feb1d091cb [TASK] Improve backend module Form description (thanks to Marcin Sągol)
- 2020-05-09 f4f0dc0ecd [BUGFIX] Remove obsolete period in scheduler label (thanks to Daniel Goerz)
- 2020-05-06 4978699fe2 [BUGFIX] Use correct slug for access restricted translated pages (thanks to Benni Mack)
- 2020-05-06 f862f640f8 [BUGFIX] Use proper Fluid exception class (thanks to Andreas Fernandez)
- 2020-05-06 9a4bcd7705 [BUGFIX] Lift restriction for restricted records in Routing Aspects (thanks to Benni Mack)
- 2020-05-06 45d3d1150d [TASK] Avoid superfluous reference operator on objects (thanks to Oliver Hader)
- 2020-05-06 25aa35b322 [TASK] Use proper function reference for backend route in test case (thanks to Oliver Hader)
- 2020-05-06 df5e808447 [BUGFIX] Fix typo in identifier exists validation message in site configuration (thanks to Marcin Sągol)
- 2020-05-05 326671fd23 [BUGFIX] Reset
window.openerin backend and load modules if authenticated (thanks to Andreas Fernandez) - 2020-05-04 529a1cdbe4 [TASK] Respect disabled ElementBrowser also in TableList (thanks to Oliver Bartsch)
- 2020-05-04 cb40a8cc90 [BUGFIX] Harden deprecation log handling (thanks to Helmut Hummel)
- 2020-05-04 34fcc2dc9e [BUGFIX] Cache various where clauses of PageRepository (thanks to Benni Mack)
- 2020-05-02 3ca5e7b4dc [TASK] Ensure login module is completely loaded and processed (thanks to Oliver Hader)
- 2020-05-02 dd8cf23a63 [TASK] Use proper TypeScript functions instead of arrow functions (thanks to Oliver Hader)
- 2020-04-30 bc5a5dfdb2 [TASK] Add tags to clearcachehook (thanks to Patrick Schriner)
- 2020-04-28 0de69760b8 [BUGFIX] Correctly use trigger_error for deprecations (thanks to Markus Klein)
- 2020-04-28 1fa44d3850 [BUGFIX] No longer use deprecated function writeDeprecationLogFileEntry (thanks to Sybille Peters)
- 2020-04-28 4e2327141c [TASK] Set TYPO3 version to 9.5.17-dev (thanks to Benni Mack)