TYPO3 12.4.8
14 November 2023
TYPO3 version 12.4.8 is now available (security release).
Upgrading to TYPO3 12.4.8
TYPO3 12.4.8 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply TYPO3 updates as new versions are released, or use Installatron's Clone feature to duplicate an existing TYPO3 install to test the 12.4.8 upgrade prior to applying it live. Get started managing your TYPO3 installations with Installatron
What's New in TYPO3 12.4.8
Security
- [SECURITY] Upgrade to typo3/html-sanitizer v2.1.4 (thanks to Benjamin Franzke)
- [SECURITY] Limit user session to cookie domain (thanks to Benjamin Franzke)
- [SECURITY] Do not display full path to ENABLE_INSTALL_TOOL file (thanks to Markus Klein)
Bug Fixes and Changes
- [TASK] Stabilize ac tests again (thanks to Christian Kuhn)
- [TASK] Fix changelog for TCA slug generatorOptions (thanks to Sybille Peters)
- [BUGFIX] Verify Popover instances before usage (thanks to Christian Kuhn)
- [BUGFIX] Make labels in workspace preview translatable (thanks to Patrick Schriner)
- [BUGFIX] Properly escalate if a form HMAC fails to decode (thanks to Thomas Hohn)
- [BUGFIX] Show correct icon for page types in UserInformationService (thanks to Achim Fritz)
- [BUGFIX] Add missing file_rename labels to filelist (thanks to Patrick Schriner)
- [TASK] Update cropperjs library to 1.6.1 (thanks to Andreas Kienast)
- [BUGFIX] Prevent possible PHP crash with empty systemLocale (thanks to Xavier Perseguers)
- [BUGFIX] Fix possible regression in cObjGet() (thanks to Benjamin Franzke)
- [TASK] Respect the AsCommand hidden constructor argument (thanks to Benjamin Franzke)
- [BUGFIX] Fix special characters in scheduler labels (thanks to Imko Schumacher)
- [DOCS] Add section about adding custom tables to create record reaction (thanks to Chris Müller)
- [TASK] Remove superfluous typecasts in Extbase AbstractValidator (thanks to Torben Hansen)
- [DOCS] Use correct variable in code example in ext:dashboard (thanks to Fabio Norbutat)
- [DOCS] Use proper yaml quoting in MakeRefreshable.rst (thanks to Fabio Norbutat)
- [BUGFIX] Update phpstan/phpstan to 1.10.41 (thanks to Andreas Kienast)
- [BUGFIX] Concatenate inline JavaScript with line break (thanks to Jonas Eberle)
- [BUGFIX] Allow to create folders with name "0" (thanks to Justus Moroni)
- [DOCS] Fix typos and code example in be module registration API (thanks to Josef Glatz)
- [BUGFIX] Respect record's overlay icon in workspace listing (thanks to Oliver Bartsch)
- [TASK] Migrate icon-element to @lit/task (thanks to Benjamin Franzke)
- [BUGFIX] Enable configuration passthrough for custom CKEditor5 plugins (thanks to Benjamin Franzke)
- [TASK] Update bootstrap to 5.3.2 (thanks to Andreas Kienast)
- [BUGFIX] Prefix fields with table name in SuggestWizardDefaultReceiver (thanks to Achim Fritz)
- [TASK] Have an event to modify constants AST in FE (thanks to Julian Mair)
- [BUGFIX] Allow custom AbortSignal to be passed to AjaxRequest methods (thanks to Benjamin Franzke)
- [TASK] Upgrade to Lit v3 (thanks to Benjamin Franzke)
- [BUGFIX] Update phpstan/phpstan to 1.10.40 (thanks to Andreas Kienast)
- [TASK] Escape dynamic values in DOM selectors (thanks to Benjamin Franzke)
- [TASK] Bump friendsofphp/php-cs-fixer:^3.37.1 (thanks to Christian Kuhn)
- [BUGFIX] Reset UriBuilder for links generated by PasswordRecoveryService (thanks to Garvin Hicking)
- [TASK] Introduce Symfony attribute based registration of CLI commands (thanks to Bastien Lutz)
- [BUGFIX] Add a few missing labels (thanks to Christian Kuhn)
- [BUGFIX] Simplify regex for form finisher FlexForm overrides (thanks to Nikita Hovratov)
- [BUGFIX] Array access warning in DataHandler (thanks to Christian Kuhn)
- [TASK] Use ConsumableNonce instead of blunt Nonce in CSP context (thanks to Oliver Hader)
- [TASK] Return __toString value from objects in DataMapper::getPlainValue (thanks to Soren Malling)
- [TASK] Show Content Security Policy Mutations Configuration (thanks to Oliver Hader)
- [BUGFIX] Replace CSP mutation mode extend by inherit & append (thanks to Oliver Hader)
- [BUGFIX] Mark erroneous fields within .formengine-field-item (thanks to Andreas Kienast)
- [BUGFIX] Handle null values in input transformation in AJAX requests (thanks to Andreas Kienast)
- [BUGFIX] Ensure CKEditor5 removePlugins is always a list (thanks to Benjamin Franzke)
- [BUGFIX] Handle missing t3ver_state value in workspace ElementEntityProcessor (thanks to Markus Klein)
- [TASK] Fix php-cs-fixer config (thanks to Benjamin Franzke)
- [TASK] Pin to PER Coding Style v1.0 (thanks to Benjamin Franzke)
- [BUGFIX] Show label in foreign record selector (thanks to Till Hörner)
- [TASK] Bump friendsofphp/php-cs-fixer:^3.35.1 (thanks to Christian Kuhn)
- [BUGFIX] Correct link to limit shown entries in record history module (thanks to Jasmina Ließmann)
- [BUGFIX] Avoid PHP array access error in workspaces (thanks to Christian Kuhn)
- [BUGFIX] Display human-readable preview of FlexForm values (thanks to Uwe Trotzek)
- [BUGFIX] Do not flush rootline cache when be user visits the website (thanks to Christoph Lehmann)
- [TASK] Show original user on new line in ElementHistoryController (thanks to Josef Glatz)
- [TASK] Remove dead catch in ImageViewHelper (thanks to Nikita Hovratov)
- [TASK] Avoid misusing csv file of different test in ImageViewHelperTest (thanks to Nikita Hovratov)
- [TASK] Improve invalidArguments tests for ImageViewHelper (thanks to Nikita Hovratov)
- [TASK] Replace tabs with spaces in xml files (thanks to Nikita Hovratov)
- [DOCS] Fix grammatical errors (thanks to Simon Schaufelberger)
- [DOCS] Clarify usage of "value" with "property" in <f:form.*> ViewHelpers (thanks to Simon Praetorius)
- [TASK] Update terser to 5.22 (thanks to Andreas Kienast)
- [TASK] npm: update vulnerable dev dependencies (thanks to Andreas Kienast)
- [TASK] Streamline providing CSP mutations (thanks to Oliver Hader)
- [TASK] Update ckeditor5 to v40 (thanks to Andreas Kienast)
- [BUGFIX] Handle missing TCA|ctrl|title in recycler schedule task (thanks to Markus Klein)
- [BUGFIX] Adjust config file path in Install Tool password hint (thanks to Jan Greth)
- [BUGFIX] Prevent superfluous SELECT DATABASE() statements (thanks to Christoph Lehmann)
- [BUGFIX] Allow more TCA types for reaction fields (thanks to Georg Ringer)
- [TASK] Add phpstan check for unneeded pseudo uncertain instanceof usage (thanks to Benjamin Franzke)
- [BUGFIX] Workspaces: handle TCA without transOrigPointerField (thanks to Markus Klein)
- [BUGFIX] Provide CSP ReportRepository ONLY_FULL_GROUP_BY support (thanks to Oliver Hader)
- [BUGFIX] Properly pass option untrusted to addQueryString (thanks to Patrick Schriner)
- [BUGFIX] Change to "move elements" when using cut in file list dot-menu (thanks to Kevin Appelt)
- [TASK] Migrate getAccessibleMockForAbstractClass for EXT:form controller (thanks to Oliver Klee)
- [BUGFIX] Fix another PHP 8 warning in DataHandler (thanks to Philipp Kitzberger)
- [BUGFIX] Avoid GU::trimExplode('', null) in BU::getProcessedValue() (thanks to Christian Kuhn)
- [TASK] Use descriptions over placeholders in sys_file_storage (thanks to Nikita Hovratov)
- [DOCS] Correct wrong YAML configuration example in changelog (thanks to Mehdi Chaouch)