TYPO3 11.5.16

13 September 2022

TYPO3 version 11.5.16 is now available (security release).

Upgrading to TYPO3 11.5.16

What's New in TYPO3 11.5.16

• [SECURITY] Upgrade to typo3/html-sanitizer v2.0.16
  
• [SECURITY] Encode child node variables in f:asset.css view helper
  
• [SECURITY] Mitigate cross-site-scripting in FileDumpController
  
• [SECURITY] Respect expiration time of password reset token
  
• [SECURITY] Mitigate timing discrepancies during user authentication
  
• [SECURITY] Mitigate denial-of-service scenarios in page error handler
  

• [TASK] Prevent undefined array key warnings in ext:belog
  
• [BUGFIX] Revert modified cache handling in form framework
  
• [TASK] Resolve cgl violations in php files
  
• [TASK] Use same version of friendsofphp/php-cs-fixer as in v12
  
• [BUGFIX] Handle undefined tt_content_defValues in NewContentElementController
  
• [DOCS] Fix rendering of Events in the docu
  
• [BUGFIX] Trim provided external URL in linkwizard modal
  
• [BUGFIX] Do not render clipboard errors as notification
  
• [TASK] Use current git repository links
  
• [BUGFIX] Use correct data attribute name for doktype select
  
• [BUGFIX] Check if titleText is available in classesAnchor RTE config
  
• [TASK] Avoid PHP8.2 related deprecation failure in unit test
  
• [BUGFIX] List invalid field in FormEngine review
  
• [BUGFIX] Fix condition in EXT:impexp to check for export view
  
• [TASK] Update settings snippet: use default values everywhere
  
• [TASK] Temporarly avoid PHPStan composer-max tests fails
  
• [TASK] Avoid unsolveable phpstan error for return-type mismatch
  
• [BUGFIX] Add missing outer-container classes for foreign selector types
  
• [DOCS] Fix links to Events
  
• [DOCS] Fix section on how to open the dashboard
  
• [TASK] Temporarly skip mailer unit test execution with PHP8.1