TYPO3 10.4.20
18 August 2021
TYPO3 version 10.4.20 is now available (security release).
Upgrading to TYPO3 10.4.20
TYPO3 10.4.20 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 10.4.20 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 10.4.20
10.4.20
New Features
- [FEATURE] Introduce explicit f:sanitize.html view-helper
Bug Fixes
- [TASK] Upgrade to typo3/html-sanitizer v2.0.9
- [BUGFIX] Adjust default behavior of HTML sanitization in parseFunc
- [BUGFIX] Allow HTML node onclick events in generated frontend markup
- [BUGFIX] Use loading="lazy" in FormEngineUtility::getIconHtml()
- [BUGFIX] Respect toggle for legacy form upload MIME types again
- [DOCS] Exclude form finisher options from overrides
- [BUGFIX] Fix FileSpoolTest creating "spool" directory on root level
- [BUGFIX] Remove prefixed scriptName from urlPath in PageRouter
- [BUGFIX] Support for vimeo event url
- [BUGFIX] Avoid timeout issues through SvgFilesSanitization
- [TASK] Add status quo tests for f:format.html
- [BUGFIX] Re-add language switcher for sys_file_metadata records
- [DOCS] Document usage of YAML loader
- [TASK] Forward initiator to typo3/html-sanitizer
- [TASK] gitlab-ci: Backup TYPO3 logs of backend acceptance tests
- [TASK] Upgrade to typo3/html-sanitizer v2.0.8
- [DOCS] Document final "nature" of Redirect finisher
- [BUGFIX] Inform about extended support in reports module correctly
- [BUGFIX] Accept JS spam protected email addresses
- [BUGFIX] Fix the Formelement selection button on first use
- [TASK] Enhance documentation for integration of html-sanitizer
- [BUGFIX] Respect 'ignoreRootLevelRestriction' setting
- [TASK] Declare core as replacement for t3g/svg-sanitizer"
- [BUGFIX] Avoid option enableWordClean name in tests
- [BUGFIX] Sort tables alphabetically in Export
10.4.19
Security
- [SECURITY] Ensure XSS-safe rich text rendering
Bug Fixes
- [TASK] Declare core as replacement for t3g/svg-sanitizer
- [TASK] Update enshrined/svg-sanitize to v0.14.1
- [TASK] Restore newRecord level button behaviour
- [BUGFIX] Render correct version information in Core Updater and reports module
- [BUGFIX] Reset query filters for file storages
- [BUGFIX] Prevent method call on invalid task in scheduler
- [BUGFIX] Only allow to edit metadata in FileList if metadata exists
- [TASK] runTests.sh: Allow step debugging acceptance tests
- [TASK] Raise typo3/testing-framework:^6.9.0
- [BUGFIX] Add necessary type property to reduced data structure
- [TASK] Remove duplicate variable initialization
- [BUGFIX] Use correct fallback for default page TSconfig
- [BUGFIX] Extbase Relations are resolved properly in workspaces
- [BUGFIX] Store preview of FAL Online Media in public folder
- [TASK] Add tests for wrong translation behavior of Extbase
- [BUGFIX] Clarify IPv6 address matching
- [TASK] Change indent for .rst in .editorconfig
- [BUGFIX] Fix sphinx warnings in previous changelog entries
- [TASK] Synchronize core changelog files between v11, v10, v9
- [BUGFIX] Skip range validation if input value and default are both "0"
- [BUGFIX] Add typehints for Doctrine DBAL 2.13.x
- [TASK] Add NEON files to .editorconfig
- [BUGFIX] Check whether realpath exists in runTests.sh
- [TASK] Rename github.com/TYPO3/TYPO3.CMS to github.com/typo3/typo3
- [BUGFIX] Use correct maximum width/height for media preview
- [BUGFIX] Do not encode password reset link in plain text
- [TASK] Make runTests.sh compatible with docker-compose v2
- [BUGFIX] Extbase ObjectManager can inject PSR ContainerInterface
- [BUGFIX] Add missing title tag for edit icon in page module.
- [BUGFIX] Check whether tt_content parent page is accessible
- [BUGFIX] Render upgrade wizard description in confirmation step