TYPO3 11.5.35
15 February 2024
TYPO3 version 11.5.35 is now available (security release).
Upgrading to TYPO3 11.5.35
TYPO3 11.5.35 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 11.5.35 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 11.5.35
11.5.35
Security
- [SECURITY] Deny directly modifying file abstraction layer entities (thanks to Oliver Hader)
- [SECURITY] Prevent arbitrary access to privileged resources via t3:// (thanks to Benjamin Franzke)
- [SECURITY] Do not disclose encryptionKey via InstallTool (thanks to Benjamin Franzke)
- [SECURITY] Avoid showing password hashes in backend edit forms (thanks to Oliver Hader)
- [SECURITY] Prevent RCE via install tool settings (thanks to Benjamin Franzke)
- [!!!][SECURITY] Enforce absolute path checks in FAL local driver (thanks to Oliver Hader)
Bug Fixes and Changes
- [TASK] Update composer/composer to most recent version (thanks to Oliver Hader)
- [BUGFIX] Also fetch outdated extensions in extensionmanager (thanks to Oliver Bartsch)
- [BUGFIX] Avoid static calls to LogDataTrait::formatLogDetails (thanks to Oliver Hader)
- [TASK] Update container image versions (thanks to Stefan Bürk)
- [BUGFIX] Mitigate a TypeError in StandardContentPreviewRenderer (thanks to Yann)
- [TASK] Replace former extension packages using self.version (thanks to Thomas Hohn)
- [BUGFIX] Copy metadata on copy file (thanks to Oliver Bartsch)
- [BUGFIX] Undefined array index for TCA without ctrl (thanks to Simon Schaufelberger)
- [TASK] Add composer dispatcher to runTests.sh (thanks to Stefan Bürk)
- [TASK] Add missing MySQL Server versions to runTests.sh (thanks to Stefan Bürk)
- [BUGFIX] Allow linking to records that are set to All Languages (thanks to Benni Mack)
- [TASK] Use podman before docker in Build/Scripts/runTests.sh (thanks to Stefan Bürk)
- [TASK] Unblock argument passing in Build/Scripts/runTests.sh (thanks to Stefan Bürk)
- [BUGFIX] Prevent memory leak when fetching a lot of database records (thanks to Sascha Nowak)
- [BUGFIX] Prevent side effects in rst extension scanner tags check (thanks to Oliver Bartsch)
- [BUGFIX] Indexed Search: Pass freeIndexUid to pageBrowsing ViewHelper (thanks to Andreas Kienast)
- [BUGFIX] Do not resolve resource paths in EXT:form (thanks to Peter Kraume)
- [TASK] Update container image versions (thanks to Stefan Bürk)
11.5.34
Bug Fixes and Changes
- [DOCS] Remove invalid configuration option from SMTP upgrade example (thanks to Benjamin Franzke)
- [BUGFIX] Check all method for existence in OpcodeCacheService (thanks to Stefan Bürk)
- [BUGFIX] Remove empty values from colPosArray (thanks to Achim Fritz)
- [TASK] Streamline indentation of arrays and comments (thanks to Benni Mack)
- [TASK] Update copyright year in README.md and INSTALL.md (thanks to Torben Hansen)
- [TASK] Update core-testing-phpXY images version (thanks to Stefan Bürk)
- [BUGFIX] Avoid PHP warning when checking TCA hideTable (thanks to Markus Klein)
- [BUGFIX] Prevent Undefined array key debugMode in Indexer (thanks to Oliver Bartsch)
- [TASK] Ensure removing dangling images works with podman (thanks to Stefan Bürk)
- [TASK] Sanitize embedded HTML in Installation-Wide Configuration GUI (thanks to Benjamin Franzke)
- [BUGFIX] Avoid type errors in ResourceFactory methods (thanks to Stefan Bürk)
- [BUGFIX] Fix error copying pages with outdated user permissions (thanks to Georg Ringer)
- [TASK] Unit tests stumble on missing import (thanks to Christian Kuhn)
- [TASK] Update core-testing-phpXY images version (thanks to Stefan Bürk)
- [BUGFIX] Avoid side effect in acceptance tests (thanks to Christian Kuhn)
- [TASK] Fix support for bash v3 in runTests.sh (thanks to Benjamin Franzke)
- [TASK] Refer to minor versions for our images in runTests (thanks to Benjamin Franzke)
- [TASK] Automatically remove containers in runTests.sh (thanks to Benjamin Franzke)
- [BUGFIX] Use correct Configuration ignore in namespace integrity check (thanks to Stefan Bürk)
- [TASK] runTests.sh with podman, new CI (thanks to Christian Kuhn)
- [BUGFIX] Alert about deleting content elements with references (thanks to Sybille Peters)
- [BUGFIX] Prevent deprecation notice in InputLinkElement (thanks to Oliver Bartsch)
- [BUGFIX] Avoid PHP deprecation in TextElement readOnly mode (thanks to Nikita Hovratov)
- [BUGFIX] Avoid 1s client-side backend request caching (thanks to Benjamin Franzke)