TYPO3 11.5.30
27 July 2023
TYPO3 version 11.5.30 is now available (security release).
Upgrading to TYPO3 11.5.30
TYPO3 11.5.30 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 11.5.30 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 11.5.30
Bug Fixes and Changes
- [SECURITY] Mitigate XSS in CKEditor4 plugin wordcount (thanks to Oliver Hader)
- [SECURITY] Avoid out-of-scope page access for non-matching site (thanks to Oliver Hader)
- [SECURITY] Upgrade to typo3/html-sanitizer v2.1.2 (thanks to Oliver Hader)
- [BUGFIX] Handle https in url for felogin redirect mode 'refererDomains' (thanks to Ayke Halder)
- [TASK] Use silence operator @ for test setup (thanks to Stefan Bürk)
- [BUGFIX] Ensure uid is not updated when updating resources (thanks to Tizian Schmidlin)
- [TASK] Align formatting details in runTests.sh (thanks to Christian Kuhn)
- [BUGFIX] Avoid PHP error in PHP 8 context in GifBuilder (thanks to Benni Mack)
- [TASK] Drop redundant condition from TransportFactory (thanks to Oliver Klee)
- [BUGFIX] Remove correct indexed_search entries on cache clearing (thanks to Georg Ringer)
- [BUGFIX] Fix fallback icons for custom page types (thanks to Nikita Hovratov)
- [BUGFIX] Prevent reaching the placeholder limit in indexed_search (thanks to Stefan Bürk)
- [BUGFIX] Enhance matching order for regex based redirects (thanks to Stefan Bürk)
- [BUGFIX] Make icon cache in localStorage version-aware (thanks to Andreas Fernandez)
- [BUGFIX] Include pid in field list of BU::getCommonSelectFields (thanks to Georg Ringer)
- [BUGFIX] Avoid exception in presets of Install Tool (thanks to Georg Ringer)
- [BUGFIX] Cast replacement values to strings (thanks to Georg Ringer)
- [BUGFIX] Do not store bollocks markup in icon cache (thanks to Andreas Fernandez)
- [BUGFIX] Only pass strings to string functions in EXT:backend (thanks to Oliver Klee)
- [TASK] Replace deprecated egrep in commit-msg hook (thanks to Benjamin Franzke)