TYPO3 9.5.38 ELTS

Release Notes

Version 9.5.38 ELTS

Stay secure and up-to-date with TYPO3 ELTS!

The TYPO3 CMS community supported from 2018-10-02 until 2021-09-30.
Extend your support now until 2024-09-30 to get access to the latest security and compatibility updates for this version.

Learn more about TYPO3 ELTS Browse the TYPO3 ELTS Portal

Release Notes for TYPO3 CMS 9.5.38

This document contains information about TYPO3 CMS 9.5.38 which was released on 13.12.2022.

Get TYPO3 9.5.38 now

News

This release is a combined bug fix and security release.

Find more details in the security bulletins

Checksums of TYPO3 9.5.38

SHA256

9e49e68238fa627e07cb427d614f5b91b2c54912f0f1fb4c30642de2db696b36 typo3_src-9.5.38.tar.gz
12622ac219bd9698fea537020cc0e6e7b3a3b6f3f3bd16aa3f20c36a066718f0 typo3_src-9.5.38.zip

SHA1

57f7a59c041d42ee6034eb5844ae0c112d24726f typo3_src-9.5.38.tar.gz
9de16769e65834934ae08e4b0526e4f05879ac8f typo3_src-9.5.38.zip

MD5

bda1cdc1dde9a451978601db1c39c7b0 typo3_src-9.5.38.tar.gz
756f63dc3d7b5b9afab236f0f8e0a8cc typo3_src-9.5.38.zip

Package Signatures

TYPO3 Release Packages (the downloadable tarballs and zip files) as well as Git tags are signed using PGP signatures during the automated release process. Besides that, MD5 and SHA2-256 hashes are being generated for these files. Find more details on verifying signatures and hashes in the infrastructure guide.

Download GPG signed release README.md file

Example of verifying integrity of tar.gz package of current release:

wget --content-disposition https://get.typo3.org/9.5.38/tar.gz
wget --content-disposition https://get.typo3.org/9.5.38/tar.gz.sig
gpg --verify typo3_src-9.5.38.tar.gz.sig typo3_src-9.5.38.tar.gz

Upgrading

The usual upgrading procedure applies. No database updates are necessary. It might be required to clear all caches; the "important actions" section in the TYPO3 Install Tool offers the accordant possibility to do so.

Changes

2022-12-13 e8a3ddce4c [RELEASE] Release of TYPO3 9.5.38 (thanks to Andreas Fernandez)
2022-12-13 77dd6777d7 [SECURITY] Upgrade to typo3/html-sanitizer v2.1.1 (thanks to Andreas Fernandez)
2022-12-13 f2c242402b [SECURITY] Disallow introducing Yaml placeholders in user interface (thanks to Oliver Hader)
2022-12-13 f1058f6550 [SECURITY] Avoid DoS when generating Error pages (thanks to Benni Mack)
2022-12-13 4a7e9e7fbe [SECURITY] Prohibit TypoScript in form yaml files (thanks to waldhacker)
2022-12-13 b3f789d668 [SECURITY] Use signed storage PID during frontend authentication (thanks to Oliver Hader)
2022-12-13 ae52b7e7c2 [TASK] Add HTTP host header injection check to reports module (thanks to Oliver Hader)
2022-12-12 781f11bb05 [TASK] Upgrade to typo3/html-sanitizer v2.1.0 (thanks to Oliver Hader)
2022-12-12 eeee4a671d [BUGFIX] Cover multi-value properties in form editor with HMAC (thanks to Oliver Hader)
2022-12-12 87416f06fa [BUGFIX] Fix CGL checks on GitHub Actions (thanks to Andreas Fernandez)
2022-12-07 9d0401c236 [TASK] Introduce string fragment extraction (thanks to Oliver Hader)
2022-12-07 b5e9f2bee5 [TASK] Update GitHub action plans (thanks to Andreas Fernandez)
2022-09-13 74fdc25fe0 [TASK] Set TYPO3 version to 9.5.38-dev (thanks to Andreas Fernandez)