TYPO3 11.5.37
14 May 2024
TYPO3 version 11.5.37 is now available (security release).
Upgrading to TYPO3 11.5.37
TYPO3 11.5.37 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 11.5.37 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 11.5.37
Security
- [SECURITY] Protect frame GET parameter in tx_cms_showpic eID (thanks to Benni Mack)
- [SECURITY] Encode all file properties in tx_cms_showpic output (thanks to Oliver Hader)
- [SECURITY] Prevent XSS in FormManager backend module (thanks to Benjamin Franzke)
Bug Fixes and Changes
- [DOCS] Correct example for defining RTE preset of flexform field (thanks to Christian Fries)
- [BUGFIX] Prevent TypeError in DatabaseIntegrityController (thanks to Christoph Lehmann)
- [TASK] Add unicode license file next to .tbl files (thanks to Willi Wehmeier)
- [TASK] Update package enshrined/svg-sanitize to 0.18.0 (thanks to Oliver Hader)
- [BUGFIX] Fix PHP Warning in caching framework garbage collection (thanks to Stephan Bauer)
- [BUGFIX] Avoid mapping route values that are out of scope (thanks to Oliver Hader)
- [BUGFIX] Cast simulated timestamp to int (thanks to Georg Ringer)
- [BUGFIX] Add missing resname attribute to dashboard xlf files (thanks to Andreas Kienast)
- [BUGFIX] Set default value for extbase Container::$prototypeObjects... (thanks to Christian Weiske)
- [TASK] Add npm command dispatcher to Build/Scripts/runTests.sh (thanks to Stefan Bürk)
- [BUGFIX] Ensure working count query in DatabaseRecordList::getTable() (thanks to Stefan Bürk)
- [BUGFIX] Use correct timezones with timestamp based \DateTime (thanks to Markus Klein)
- [BUGFIX] Fix array access error in LinkAnalyzerResult (thanks to Sybille Peters)
- [TASK] Avoid calling deprecated Symfony Console helper commands (thanks to Oliver Klee)
- [BUGFIX] Fix wrong GUI crop area placement on edge cases (thanks to Andreas Kienast)
- [TASK] Account for double click pagetree timeout in acceptance tests (thanks to Benjamin Franzke)
- [BUGFIX] Admin-only edit lock can be disabled again (thanks to Christian Ludwig)
- [TASK] Update core-testing-php image versions (thanks to Stefan Bürk)
- [BUGFIX] Add _ga to excludedParameters (thanks to Andreas Kienast)
- [TASK] Apply some runTests.sh cleanups (thanks to Benjamin Franzke)
- [TASK] Add composer-mode to our acceptance test matrix (thanks to Benjamin Franzke)
- [TASK] Fix cache name in comments (thanks to Oliver Klee)
- [TASK] Add GeneralUtility::makeInstance to PHPStorm meta file (thanks to Oliver Bartsch)
- [TASK] Apply stricter URI route generation assertions (thanks to Oliver Hader)
- [TASK] Limit commit message line length to 72 characters (thanks to Ayke Halder)
- [BUGFIX] Fix FormEngine inline stylesheet resolution in composer mode (thanks to Benjamin Franzke)
- [DOCS] Put example input in backtics in form manual (thanks to linawolf)
- [DOCS] Remove unused files in Documentation folder (thanks to linawolf)
- [DOCS] Adjust Includes.rst.txt after switch to PHP-based rendering (thanks to Chris Müller)
- [BUGFIX] Avoid race condition in DI cache persistence (thanks to Benjamin Franzke)
- [DOCS] Switch Recycler documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch Redirects documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch seo documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch scheduler documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch workspaces documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch rte_ckeditor documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Fix Edit on GitHub Button for manuals (thanks to linawolf)
- [BUGFIX] Do not try to log negative UID in DataHandler (thanks to Markus Klein)
- [BUGFIX] Exclude gbraid and wbraid parameters from cHash calculation (thanks to Daniel H)
- [DOCS] Switch linkvalidator documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch Indexed Search documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch impexp documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch felogin documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Switch fluid_styled_content documentation to PHP-based rendering (thanks to linawolf)
- [DOCS] Fix references in admin panel (thanks to Chris Müller)
- [DOCS] Add regex example to target column referencing capturing groups (thanks to Josef Glatz)
- [BUGFIX] Cast DOM attribute values to string (thanks to Helmut Hummel)
- [DOCS] Switch Dashboard documentation to PHP-based rendering (thanks to linawolf)
- [TASK] Allow execution of acceptance tests with local chromedriver (thanks to Benjamin Franzke)
- [BUGFIX] Exclude gad_source parameter from cHash calculation (thanks to Andreas Kienast)
- [DOCS] Switch adminpanel docs to PHP-based rendering (thanks to linawolf)
- [BUGFIX] Allow maxitems=1 for TCA type category (thanks to Markus Klein)
- [BUGFIX] Prevent possible browser freezes in FormEditor (thanks to Benjamin Franzke)
- [TASK] Prevent undefined encryptionKey in tests (thanks to Torben Hansen)
- [TASK] Use correct command dispatch in runTests.sh (thanks to Stefan Bürk)
- [BUGFIX] Avoid notice in template module by an early return (thanks to Georg Ringer)
- [TASK] Add better PHPStan annotation for method getRepositoryClassName (thanks to sschreiberten)