TYPO3 12.4.11
15 February 2024
TYPO3 version 12.4.11 is now available (security release).
Upgrading to TYPO3 12.4.11
TYPO3 12.4.11 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 12.4.11 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 12.4.11
Security
- [SECURITY] Deny directly modifying file abstraction layer entities (thanks to Oliver Hader)
- [SECURITY] Prevent arbitrary access to privileged resources via t3:// (thanks to Benjamin Franzke)
- [SECURITY] Do not disclose encryptionKey via InstallTool (thanks to Benjamin Franzke)
- [SECURITY] Avoid showing password hashes in backend edit forms (thanks to Oliver Hader)
- [SECURITY] Prevent RCE via install tool settings (thanks to Benjamin Franzke)
- [!!!][SECURITY] Enforce absolute path checks in FAL local driver (thanks to Oliver Hader)
Bug Fixes and Changes
- [BUGFIX] Avoid autocompletion in TCA type password (thanks to Benjamin Franzke)
- [TASK] Update phpstan/phpstan version (thanks to Stefan Bürk)
- [TASK] Update composer/composer to most recent version (thanks to Oliver Hader)
- [BUGFIX] Fix list view functionality in FileList (thanks to Oliver Bartsch)
- [DOCS] Document how to replace a linktype (thanks to Sybille Peters)
- [BUGFIX] Also fetch outdated extensions in extensionmanager (thanks to Oliver Bartsch)
- [BUGFIX] Wrong language labels in StandardContentPreviewRenderer (thanks to Torben Hansen)
- [BUGFIX] Avoid static calls to LogDataTrait::formatLogDetails (thanks to Oliver Hader)
- [TASK] Update container image versions (thanks to Stefan Bürk)
- [BUGFIX] Mitigate a TypeError in StandardContentPreviewRenderer (thanks to Yann)
- [BUGFIX] Handle record export and download options individually (thanks to Oliver Bartsch)
- [BUGFIX] Properly use file name argument in locallang label (thanks to Oliver Bartsch)
- [TASK] Replace former extension packages using self.version (thanks to Thomas Hohn)
- [BUGFIX] Install Tool: Re-enable modal actions after execution (thanks to Andreas Kienast)
- [TASK] Update sortablejs (thanks to Andreas Kienast)
- [BUGFIX] Properly resolve GET parameter id (thanks to Benni Mack)
- [TASK] Fix acceptence tests window size with php-webdriver 1.15 (thanks to Benjamin Kott)
- [BUGFIX] Undefined array index for TCA without ctrl (thanks to Simon Schaufelberger)
- [TASK] Add composer dispatcher to runTests.sh (thanks to Stefan Bürk)
- [TASK] Use correct global cache key for gitlab workflows (thanks to Stefan Bürk)
- [TASK] Update sass (thanks to Andreas Kienast)
- [BUGFIX] Reverse rootline for PageLayoutResolver calls (thanks to Dimitri König)
- [TASK] Update doctrine/dbal:^3.8.1 (thanks to Stefan Bürk)
- [BUGFIX] Fix typo in Random::DEFAULT_PASSWORD_LENGTH constant (thanks to Andreas Kienast)
- [TASK] Drop unneeded TYPO3 version from package.json (thanks to Andreas Kienast)
- [BUGFIX] Add fake TS setup in admin panel for fluid (thanks to Benni Mack)
- [BUGFIX] Omit click menu on icons in browse mode (thanks to Oliver Bartsch)
- [TASK] Add missing MySQL Server versions to runTests.sh (thanks to Stefan Bürk)
- [TASK] Update lit packages (thanks to Andreas Kienast)
- [TASK] Update locales translation files (thanks to Stefan Bürk)
- [BUGFIX] Ensure extended XliffFileDumper::dump() is compatible (thanks to Stefan Bürk)
- [TASK] Update codemirror and friends (thanks to Andreas Kienast)
- [DOCS] Remove outdated number from logicalAnd() and logicalOr() PHPdoc (thanks to Albrecht Köhnlein)
- [TASK] Use podman before docker in Build/Scripts/runTests.sh (thanks to Stefan Bürk)
- [BUGFIX] Do not force 5 records in list view (thanks to Oliver Bartsch)
- [TASK] Update testing-framework (thanks to Stefan Bürk)
- [BUGFIX] Prevent exception in TranslateViewHelper for modules without short description (thanks to Albrecht Köhnlein)
- [TASK] Unblock argument passing in Build/Scripts/runTests.sh (thanks to Stefan Bürk)
- [BUGFIX] Reset array keys after filtering available languages (thanks to Oliver Bartsch)
- [BUGFIX] Change file extension separator in element browser string (thanks to Oliver Bartsch)
- [BUGFIX] Prevent memory leak when fetching a lot of database records (thanks to Sascha Nowak)
- [DOCS] Remove index page from changelogs (thanks to Chris Müller)
- [BUGFIX] Prevent side effects in rst extension scanner tags check (thanks to Oliver Bartsch)
- [BUGFIX] Prevent empty categories in NewContentElementWizard (thanks to Oliver Bartsch)
- [BUGFIX] Indexed Search: Pass freeIndexUid to pageBrowsing ViewHelper (thanks to Andreas Kienast)
- [TASK] Improve type annotations for (Lazy)ObjectStorage (thanks to Oliver Klee)
- [DOCS] Add link to hooks on "Concepts > Frontend rendering" page (EXT:form) (thanks to Chris Müller)
- [BUGFIX] Add missing type in annotation for GU::implodeAttributes (thanks to Oliver Klee)
- [TASK] Improve Install Tool UX for first-time users (thanks to Mathias Bolt Lesniak)
- [BUGFIX] Do not resolve resource paths in EXT:form (thanks to Peter Kraume)
- [TASK] Update PHPStan and friends (thanks to Stefan Bürk)
- [BUGFIX] Add suggestion for EXT:lowlevel to EXT:form (thanks to Oliver Bartsch)
- [BUGFIX] Indexed Search: Only write internal log if debugMode is enabled (thanks to Andreas Kienast)
- [DOCS] Improve output of *rootPaths examples (thanks to Simon Praetorius)
- [BUGFIX] Fix type annotations in extbase Annotation classes (thanks to Oliver Klee)
- [DOCS] Fix BeforeRequestTokenProcessedEvent code example (thanks to Torben Hansen)
- [TASK] Update to CKEditor5 v41 (thanks to Benjamin Franzke)
- [TASK] Add stored page id to LiveSearch search demand (thanks to Andreas Kienast)
- [BUGFIX] Typoscript ">" operator removes too much (thanks to Christian Kuhn)
- [BUGFIX] Use matching site in extbase BE modules (thanks to Christian Kuhn)
- [DOCS] Fixes PHP syntax in snippet (thanks to Julian Hofmann)
- [TASK] Update container image versions (thanks to Stefan Bürk)
- [DOCS] Added note to ext:felogin redirect modes (thanks to Torben Hansen)
- [BUGFIX] Fix page input of recordlist pagination (thanks to Oliver Bartsch)
- [TASK] Ensure unique values in filemounts permissions (thanks to Marcin Sągol)
- [TASK] Sort table and field list in DB Check module by labels (thanks to Marcin Sągol)
- [BUGFIX] Restore Controller PHP attribute (thanks to Oliver Bartsch)
- [BUGFIX] Ensure table wizard connected callback has access to textarea (thanks to Benjamin Franzke)
- [BUGFIX] Prevent type error on static route (thanks to linawolf)
- [BUGFIX] Use correct check and fallback type for plugin itemGroups resolving (thanks to Oliver Bartsch)