TYPO3 12.4.31
20 May 2025
TYPO3 version 12.4.31 is now available (security release).
Upgrading to TYPO3 12.4.31
TYPO3 12.4.31 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 12.4.31 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 12.4.31
12.4.31
Security
- [SECURITY] Disallow changing system maintainer details (thanks to Oliver Hader)
- [SECURITY] Prevent MFA bypass for backend login (thanks to Torben Hansen)
- [SECURITY] Enforce file extension and MIME-type consistency (thanks to Oliver Hader)
- [SECURITY] Require step-up authentication for password change (thanks to Benjamin Franzke)
- [SECURITY] Allow filtering request hosts in webhook messages (thanks to Benjamin Franzke)
- [SECURITY] Consider all queried tables in FrontendGroupRestriction (thanks to Elias Häußler)
Bug Fixes and Changes
- [BUGFIX] Re-add missing CKEditor "ListProperties" module import (thanks to Garvin Hicking)
- [DOCS] Fix wrong option name in Confirmation finisher example (thanks to rteitge)
- [TASK] Extract filename pre-processing for uploaded files in FAL (thanks to Oliver Hader)
- [TASK] Remove unnecessary PHP use statement (thanks to Oliver Hader)
- [BUGFIX] Update phpstan/phpstan to 2.1.15 (thanks to Andreas Kienast)
12.4.30
Bug Fixes and Changes
- [BUGFIX] Ensure sudo-mode password field is autofocused (thanks to Benjamin Franzke)
- [BUGFIX] Address open_basedir issue in asset path handling (thanks to Simon Praetorius)
12.4.29
Bug Fixes
- [BUGFIX] Mitigate Postgres like type error for JSON fields (thanks to Stefan Bürk)
- [BUGFIX] Set routes to Extbase modules using f:link.action (thanks to Bastian)
- [BUGFIX] Improve accessibility in sudo-mode modal (thanks to Benjamin Franzke)
- [TASK] Update phpstan to 2.1.14 (thanks to Anja Leichsenring)
- [TASK] Use media-type application/yaml (thanks to Oliver Hader)
- [TASK] Update mime-type collection & incorporate RFC 9512 (YAML) (thanks to Oliver Hader)
- [BUGFIX] Load draggable-resizable-element in top-level scope (thanks to Andreas Kienast)
- [TASK] Provide relevant File properties in FAL ResourceStorageTest (thanks to Oliver Hader)
- [TASK] Enforce trailing semicolon in TypeScript files (thanks to Andreas Kienast)
- [TASK] Update Deprecation-100071-MagicRepositoryFindByMethods.rst (thanks to Christian-Hackl)
- [BUGFIX] Make sure absolute paths are cache busted (thanks to Simon Praetorius)
- [BUGFIX] Request content frame reload after delete via context menu (thanks to Andreas Kienast)
- [TASK] Update phpstan (thanks to Stefan Bürk)
- [BUGFIX] Use correct configuration for sitemap template (thanks to Georg Ringer)
- [TASK] Do not initialize the database for validator functional tests (thanks to Simon Schaufelberger)
- [BUGFIX] Properly calculate the effective PID for page translations or versioned pages (thanks to Benni Mack)
- [BUGFIX] Fix undefined array key table in ContextMenuController (thanks to Andreas Kienast)
- [BUGFIX] Fix preview with extendToSubpages (thanks to Sybille Peters)
- [TASK] Add rate limit to ext:felogin password recovery (thanks to Torben Hansen)
- [BUGFIX] Use integer return value in sorting callback (thanks to Georg Ringer)
- [BUGFIX] Ensure existing storage on file object creation (thanks to Oliver Bartsch)
- [BUGFIX] Ensure SelectViewHelper uses strings for option*Field (thanks to Markus Klein)
- [BUGFIX] Avoid "Save changes and view" in FormEngine if form is invalid (thanks to Andreas Kienast)
- [BUGFIX] Determine correct record uid from single record clipboard (thanks to Andreas Kienast)
- [BUGFIX] Replace outdated documentation link with permalink (thanks to Elias Häußler)
- [BUGFIX] Do not attempt to fix id-only URLs in CSS (thanks to Andreas Kienast)
- [BUGFIX] Fallback to placeholder on missing icon in workspace table (thanks to Andreas Kienast)
- [TASK] Make container hosts IPv4 addresses manageable with GitLab (thanks to Stefan Bürk)
- [BUGFIX] Render log entry times in correct timezone (thanks to Benjamin Franzke)
- [TASK] Update phpstan/phpstan and mitigate reportings (thanks to Stefan Bürk)
- [BUGFIX] ADMCMD_* params missing for split preview URLs (thanks to Philipp Kitzberger)
- [BUGFIX] Allow empty config.doctype as HTML5 (thanks to Benni Mack)
- [BUGFIX] Use correct error message in DateRangeValidator (thanks to Georg Ringer)
- [BUGFIX] Allow to visit pages if editor has no access (thanks to Benni Mack)
- [BUGFIX] Apply fallback chain for Extbase entities with language sets (thanks to Benni Mack)
- [BUGFIX] Rollback changed records if any (thanks to Ingo Fabbri)
- [BUGFIX] Provide a host for redirects to files (thanks to Georg Ringer)
- [TASK] Avoid loading metadata for files when obtaining the "file" property (thanks to Philipp Wrann)
- [BUGFIX] Add scope attribute to system information dropdown table header (thanks to Christian Rath-Ulrich)
- [TASK] Remove deprecated call to xml_set_object(), add tests (thanks to Garvin Hicking)
- [BUGFIX] Fix syntax errors in css of web components (thanks to Georg Ringer)
- [BUGFIX] Add proper checks for mountpoint information (thanks to Georg Ringer)
- [BUGFIX] Fix race condition on creating select tree elements (thanks to Patrick Schriner)
- [BUGFIX] Ensure scheduler task start/end time is integer (thanks to Garvin Hicking)
- [TASK] Stabilize SiteModuleCest::editExistingRecord acceptance test (thanks to Benjamin Franzke)
- [BUGFIX] Ignore extra parameters in typolink tag parsing (thanks to Soren Malling)