TYPO3 12.4.37
9 September 2025
TYPO3 version 12.4.37 is now available (security release).
Upgrading to TYPO3 12.4.37
TYPO3 12.4.37 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 12.4.37 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 12.4.37
Security
- [SECURITY] Prevent Information Disclosure in record list downloader (thanks to Benjamin Franzke)
- [SECURITY] Avoid displaying version details to unauthorized users (thanks to Oliver Hader)
- [SECURITY] Inherit access to module-related AJAX routes from modules (thanks to Elias Häußler)
- [SECURITY] Prevent information disclosure via filesystem E_WARNING errors (thanks to Andreas Kienast)
- [SECURITY] Avoid reduced entropy during password generation (thanks to Oliver Hader)
- [SECURITY] Properly catch FAL exceptions in ShortcutRepository (thanks to Oliver Hader)
- [SECURITY] Fix open redirection via GeneralUtility::sanitizeLocalUrl (thanks to Benjamin Franzke)
Bug Fixe and Changes
- [TASK] Add more common MIME type replacements and file extensions (thanks to Garvin Hicking)
- [TASK] Replace deprecated SplObjectStorage method calls (thanks to Stefan Bürk)
- [DOCS] Hyphenated words and fulltext search (thanks to Christian Weiske)
- [BUGFIX] Use array accessors inside \TYPO3\CMS\Core\Type\Map (thanks to Oliver Hader)
- [BUGFIX] Always clone policy in CSP's Policy::prepare (thanks to Oliver Hader)
- [DOCS] Update indexed_search fulltext table documentation (thanks to Christian Weiske)
- [DOCS] Mark up BE template API examples as code (thanks to Mathias Brodala)
- [BUGFIX] Avoid PHP errors with broken FE URL arguments (thanks to Christian Kuhn)
- [BUGFIX] Do not calculate negative cache lifetime (thanks to Christian Kuhn)
- [BUGFIX] Do not cast PID of file reference to int in HTML (thanks to Georg Großberger)
- [TASK] Remove deprecated function calls with no effect since PHP 8.0 (thanks to Stefan Bürk)
- [TASK] Update phpunit/phpunit and dependencies (thanks to Stefan Bürk)
- [BUGFIX] Correctly handle TextTableElement delimiter fallback (thanks to Christian Weiske)