TYPO3 10.4.18
3 August 2021
TYPO3 version 10.4.18 is now available (security release).
Upgrading to TYPO3 10.4.18
TYPO3 10.4.18 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 10.4.18 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 10.4.18
Security
- [SECURITY] Do not log sensitive data in authentication process
- [SECURITY] Mitigate XSS related to column names
- [SECURITY] Encode error messages in Query View
- [SECURITY] Mitigate XSS in viewpage
Bug Fixes
- [TASK] Mitigate downstream CSV code injection
- [BUGFIX] Prevent TypeError in TableController
- [BUGFIX] Upgrade packages chart.js, codemirror, ckeditor4
- [TASK] Skip another SVG sanitizer test causing seg fault
- [TASK] Skip SVG sanitizer test causing segmentation fault
- [TASK] Backport SecurityUtility.stripHtml()
- [TASK] Streamline identifier usage in SvgFilesSanitization upgrade wizard
- [BUGFIX] Correctly resolve best matching FAL storage
- [TASK] Adjust RST syntax in SVG sanitizer documentation
- [TASK] Introduce SVG Sanitizer
- [BUGFIX] Properly check shortcut permissions in ShortcutRepository
- [TASK] Improve exception messages in ImageService
- [BUGFIX] Enable ContextMenu for file mounts and file storages again
- [BUGFIX] Remove always true part of if condition
- [BUGFIX] Fix missing closing divs in SelectSingleBoxElement
- [TASK] Add placeholder for title field in create multiple pages
- [BUGFIX] Allow to abort a selected upgrade wizard before execution
- [TASK] Reflect patched jQuery state
- [BUGFIX] Unlink temp files in import of ext:impexp
- [BUGFIX] Handle invalid source string correctly in ImageService
- [BUGFIX] Avoid crash due to endless loop in Fluid-based Page Module
- [DOCS] Complete new pagination changelog rst
- [BUGFIX] Set position for alert container to fixed
- [DOCS] Use correct method params in #90956 rst-file
- [BUGFIX] Fix typos in language labels
- [BUGFIX] Declare guzzlehttp/psr7 dependency
- [BUGFIX] Respect TSconfig when adding page translations to recordlist
- [DOC] Change fallback layer code removal information
- [BUGFIX] Fix terms in Info > Page TSconfig
- [BUGFIX] Missing is_array check in setValueByPath
- [BUGFIX] Respect offline storages on context menu initialization
- [TASK] Extract common site test aspects to trait
- [TASK] Add acceptance test for EXT:reports module
- [TASK] Add customization examples for felogin
- [BUGFIX] Fix range handling for eval double
- [DOCS] Fix PHP code example in changelog
- [TASK] Raise typo3/testing-framework:^6.8.4
- [TASK] Raise typo3/testing-framework:^6.8.3
- [BUGFIX] Correct ac test file namespace
- [BUGFIX] Fix return annotation of AbstractDomainObject->getUid()
- [BUGFIX] Do not render clipboard actions for page translations
- [TASK] Remove "sha1" from sys_file searchFields
- [BUGFIX] Check if shortcuts' target table still exists
- [TASK] Document behaviour of inline parent info in itemsProcFunc
- [BUGFIX] Add uid field to fieldDefinitions in EXT:seo
- [BUGFIX] Prevent Uncaught TypeError in Recordlist JavaScript