12 May 2020
TYPO3 version 9.5.17 is now available (security release).What's New in TYPO3 9.5.179.5.17 Security 2020-05-12 deaf931cf4 [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Oliver Hader) 2020-05-12 7d4159f791 [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Oliver Hader) 2020-05-12 fa3992d114 [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Oliver Hader) 2020-05-12 931a4fc070 [SECURITY] Ensure decoded entities are encoded for HTML again (thanks to Oliver Hader) 2020-05-12 109bf625ea [SECURITY] Escape shortened placeholder text in HTML output (thanks to Markus Klein) Bug Fixes 2020-05-12 c04ce95574 [TASK] Integrate server response security checks (thanks to Oliver Hader) 2020-05-12 14849c32c4 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez) 2020-05-12 d9616d6910 [BUGFIX] Revert PageReadPermission check for TreeController (thanks to Benni Mack) 2020-05-12 89b080a338 [BUGFIX] Fix internal + external links with URLs fragment (thanks to Benni Mack) 2020-05-12 49096b07e5 [BUGFIX] Enable Enhancer support for MountPoints (thanks to Benni Mack) 2020-05-11 c71afa631e [BUGFIX] Only call getMovePlaceholder for MOVE_POINTER records (thanks to Benni Mack) 2020-05-11 d3297faa12 [BUGFIX] Correctly evaluate "unique" eval for slug fields (thanks to David König) 2020-05-11 db898e5a18 [BUGFIX] Fix HMENU special=directory when site language is in free mode (thanks to Benni Mack) 2020-05-11 61aec7014e [BUGFIX] Do not deprecate $GLOBALS[TYPO3_REQUEST] (thanks to Benni Mack) 2020-05-11 1688e52557 [BUGFIX] Fix typo in frontend usergroups CSH details text (thanks to Marcin Sągol) 2020-05-10 10f755df33 [BUGFIX] Include composer dumpautoload in Test Plan Jobs (thanks to Anja Leichsenring) 2020-05-09 feb1d091cb [TASK] Improve backend module Form description (thanks to Marcin Sągol) 2020-05-09 f4f0dc0ecd [BUGFIX] Remove obsolete period in scheduler label (thanks to Daniel Goerz) 2020-05-06 4978699fe2 [BUGFIX] Use correct slug for access restricted translated pages (thanks to Benni Mack) 2020-05-06 f862f640f8 [BUGFIX] Use proper Fluid exception class (thanks to Andreas Fernandez) 2020-05-06 9a4bcd7705 [BUGFIX] Lift restriction for restricted records in Routing Aspects (thanks to Benni Mack) 2020-05-06 45d3d1150d [TASK] Avoid superfluous reference operator on objects (thanks to Oliver Hader) 2020-05-06 25aa35b322 [TASK] Use proper function reference for backend route in test case (thanks to Oliver Hader) 2020-05-06 df5e808447 [BUGFIX] Fix typo in identifier exists validation message in site configuration (thanks to Marcin Sągol) 2020-05-05 326671fd23 [BUGFIX] Reset window.opener in backend and load modules if authenticated (thanks to Andreas Fernandez) 2020-05-04 529a1cdbe4 [TASK] Respect disabled ElementBrowser also in TableList (thanks to Oliver Bartsch) 2020-05-04 cb40a8cc90 [BUGFIX] Harden deprecation log handling (thanks to Helmut Hummel) 2020-05-04 34fcc2dc9e [BUGFIX] Cache various where clauses of PageRepository (thanks to Benni Mack) 2020-05-02 3ca5e7b4dc [TASK] Ensure login module is completely loaded and processed (thanks to Oliver Hader) 2020-05-02 dd8cf23a63 [TASK] Use proper TypeScript functions instead of arrow functions (thanks to Oliver Hader) 2020-04-30 bc5a5dfdb2 [TASK] Add tags to clearcachehook (thanks to Patrick Schriner) 2020-04-28 0de69760b8 [BUGFIX] Correctly use trigger_error for deprecations (thanks to Markus Klein) 2020-04-28 1fa44d3850 [BUGFIX] No longer use deprecated function writeDeprecationLogFileEntry (thanks to Sybille Peters) 9.5.16 Bug Fixes 2020-04-28 43809319eb [BUGFIX] Set default value defined in columnsOverrides (thanks to Oliver Bartsch) 2020-04-28 47cf00f6b8 [BUGFIX] Fix inline icon rendering of bitmap icons (thanks to Benjamin Franzke) 2020-04-28 72417605dd [BUGFIX] Make backend.user conditions in FE work (thanks to Benni Mack) 2020-04-28 b7bb01e5b7 [BUGFIX] Throw BadRequestException on failed hmac validation from forms (thanks to Christian Eßl) 2020-04-28 610501882d [BUGFIX] Skip dynamically assigned instance names in extension scanner (thanks to Oliver Hader) 2020-04-28 b59a4ecc8b [BUGFIX] Fully check dependencies of dependencies (thanks to Simon Gilli) 2020-04-28 32e5af77a1 [BUGFIX] Fix extension scanner Index.rst filename parsing (thanks to Benjamin Franzke) 2020-04-28 9d29c51ac6 [DOCS] Fix some broken or outdated links (thanks to Sybille Peters) 2020-04-27 31bae041c0 [BUGFIX] Resolve merge conflict in NightlySpec (thanks to Andreas Fernandez) 2020-04-27 41d3f3243d [TASK] Rework nightly test run to execute less tests (thanks to Anja Leichsenring) 2020-04-27 e20f412eea [BUGFIX] Do not disable caching for caches with TransientMemoryBackend (thanks to Stephan Großberndt) 2020-04-27 bbc6800b38 [BUGFIX] Respect page TSconfig in drag & drop of page tree (thanks to Benni Mack) 2020-04-25 c0e7b296ef [BUGFIX] Reintroduce Extbase referring argument handling (thanks to Oliver Hader) 2020-04-25 560fa88db6 [TASK] Update Feature-80579-ImprovedJavaScriptModalAPI.rst (thanks to Alexander Obert) 2020-04-24 dcd45479d0 [BUGFIX] Check if language is accessible in PageContentErrorHandler (thanks to Christian Eßl) 2020-04-23 ed32856d00 [BUGFIX] Update ckeditor to 4.14.0 (thanks to Josef Glatz) 2020-04-22 a3725e0215 [BUGFIX] Resolve non-hidden workspace version of hidden live page properly (thanks to Benni Mack) 2020-04-22 e719a6898d [BUGFIX] Use correct identifier for "england" flag icon (thanks to Andreas Fernandez) 2020-04-22 5457c5b593 [BUGFIX] Evaluate proper permissions on pasting content (thanks to Oliver Bartsch) 2020-04-22 0af7aed893 [BUGFIX] QueryView: add missing space between form and message (thanks to Josef Glatz) 2020-04-21 cb42d317c2 [BUGFIX] Prevent PageTypeDecorator from matching index too generously (thanks to Guido Schmechel) 2020-04-21 c4e47924a1 [BUGFIX] Ensure ZipService sets proper permissions recursively (thanks to Benni Mack) 2020-04-21 e25c8e2840 [BUGFIX] Remove $scheme from LegacyLinkNotationConverter::resolve() (thanks to Christian Eßl) 2020-04-21 4c2ab2104c [BUGFIX] Ignore includeNotInMenu for the section menu of the current page (thanks to Josef Glatz) 2020-04-21 20e5cbb7cc [BUGFIX] Display error messages in scheduler (thanks to Susanne Moog) 2020-04-21 918477470b [BUGFIX] Fix wrongly used typecast in combination with ?? operator (thanks to Thomas Pronold) 2020-04-21 d0031a3f19 [BUGFIX] Use correct variable in TcaInline in exception log (thanks to Andreas Fernandez) 2020-04-21 a0357f03e5 [BUGFIX] Allow all child nodes in ActionMenuItemGroupViewHelper (thanks to Susanne Moog) 2020-04-20 144b11d5e8 [BUGFIX] Remove handling of nonexisting Exception in RecordProvider (thanks to Christian Eßl) 2020-04-20 ae722d641e [BUGFIX] Revert Use existing API instead of ContentObjectRenderer" (thanks to Georg Ringer) 2020-04-20 ba712650c9 [BUGFIX] Avoid 500 error for non-admins in page tree (thanks to Benni Mack) 2020-04-20 2e179973b2 [BUGFIX] Fix check for skipping translation of the metadata file field (thanks to Xavier Perseguers) 2020-04-20 57bcedc28d [DOCS] rte_ckeditor: add a meaningful project title (thanks to Josef Glatz) 2020-04-19 0e66ed43e3 [TASK] Tune permission checks in TreeController (thanks to Tymoteusz Motylewski) 2020-04-19 981e59e36a [DOCS] Add correct indentations in rte_ckeditor documentation (thanks to Josef Glatz) 2020-04-17 a3730417cb [BUGFIX] Skip input validation in scheduler command task (thanks to Helmut Hummel) 2020-04-16 2f8e83f351 [BUGFIX] Allow multiple mountpoints with the same slug (thanks to Patrick Broens) 2020-04-16 375c88db8c [BUGFIX] Do not generate links to unreachable pages (thanks to Markus Klein) 2020-04-16 ceb8f7f0c2 [BUGFIX] Don't render broken extension icons in language packs updater (thanks to Josef Glatz) 2020-04-15 d80621d03e [BUGFIX] Re-enable clearable behavior of ext:beuser filter field (thanks to Oliver Hader) 2020-04-15 31c81429b2 [TASK] Remove dependency to algo26-matthias/idna-convert (thanks to Benni Mack) 2020-04-15 ccc7eae6d7 [BUGFIX] Remove invalid doctype annotations from GeneralUtility (thanks to Ronald Kools) 2020-04-15 024358c587 [BUGFIX] Reset clipboard state for files that have been deleted (thanks to Oliver Hader) 2020-04-15 98d21328d1 [TASK] Provide test for Page\TreeController (thanks to Tymoteusz Motylewski) 2020-04-14 f426b2dcc7 [BUGFIX] Use empty alt text for EM extension icons (thanks to Oliver Klee) 2020-04-14 68357d565a [BUGFIX] Do not promote deprecated TS condition syntax in changelog (thanks to Tymoteusz Motylewski) 2020-04-14 612a5376c9 [BUGFIX] Cast label field for search in recycler (thanks to Manuel Selbach) 2020-04-13 dedbe269b3 [TASK] Add methods PURGE and BAN in TYPO3\CMS\Core\Http\Request (thanks to Timo Poppinga) 2020-04-13 2f6165e094 [BUGFIX] Disable extension scanner if no extensions are available (thanks to Benni Mack) 2020-04-12 7b3214f31b [BUGFIX] Restore ckeditor selections when unloading modal (thanks to Andreas Fernandez) 2020-04-12 f6016b3dc8 [BUGFIX] Keep language or colPos when moving a record in list module (thanks to Christian Eßl) 2020-04-12 081161e20a [TASK] Bring back datetime related acceptance tests for FormEngine (thanks to Anja Leichsenring) 2020-04-11 ce50ca1259 [BUGFIX] correctly resolve saved mm relations in TCA (thanks to Tobi Kretschmann) 2020-04-10 24f1f1f350 [BUGFIX] Fix wording of exception in DataMapper (thanks to Georg Ringer) 2020-04-10 149103e8f9 [BUGFIX] Do not perform string-with-boolean comparisons in switch cases (thanks to Volker Diels-Grabsch) 2020-04-08 2269bbdaca [BUGFIX] Fix typos in InlineStackProcessorTest (thanks to Christian Eßl) 2020-04-08 5d14536ca1 [TASK] Restructure and fine-tune builds (thanks to Andreas Fernandez) 2020-04-07 685e9a2321 [BUGFIX] Include Page Read Permissions to PageTreeController (thanks to Benni Mack) 2020-04-07 548a10af18 [BUGFIX] Fix thrown exception in history (thanks to Patrick Broens) 2020-04-07 b0104e8052 [TASK] Upgrade Documentation: add footer links (thanks to Josef Glatz) 2020-04-06 7e60acc352 [BUGFIX] Convert page UID to proper link syntax in LinkBrowser (thanks to Markus Klein) 2020-04-06 5aa3b71c29 [BUGFIX] Allow pageIdSelector again in non-RTE link browser (thanks to Markus Klein) 2020-04-05 d16e72e892 [BUGFIX] Preserve selection ranges in RteLinkBrowser (thanks to Andreas Fernandez) 2020-04-05 2a8ca70295 [TASK] Move ExceptionHandler tests into real class instances (thanks to Anja Leichsenring) 2020-04-04 49bca73dd3 [BUGFIX] Always show download icons in language pack module (thanks to Georg Ringer) 2020-04-04 35a0a3e4af [BUGFIX] Declare method of AspectFactory in matcher (thanks to Andreas Fernandez) 2020-04-02 6b35756c6f [BUGFIX] Do not cache on cObject level if global no_cache is active (thanks to Markus Klein) 2020-04-02 2a1bda4f7d [BUGFIX] Respect site for route persisted mappers (thanks to Oliver Hader) 2020-04-02 bca432f7d0 [BUGFIX] Clarify Extbase exception message (thanks to Benni Mack) 2020-04-02 4a3cb5eb74 [DOCS] Fix broken text role markup in changelog (thanks to Daniel Siepmann) 2020-04-01 1da57dfc1a [BUGFIX] Don't render dropdown arrow in selectSingleBox (thanks to Andreas Fernandez) 2020-04-01 707dff3981 [TASK] Add Typo3Version class (thanks to Benni Mack) 2020-04-01 ae8172cef8 [BUGFIX] Show correct value in translated single select + checkboxes (thanks to Benni Mack) 2020-03-31 64b406bcec [BUGFIX] Provide inlineParentUid in FormInlineAjaxController (thanks to Oliver Bartsch)