TYPO3 9.5.23
20 November 2020
TYPO3 version 9.5.23 is now available (security release).
What's New in TYPO3 9.5.23
- [SECURITY] Protect persisted session IDs from being used directly (thanks to Oliver Hader)
- [SECURITY] Encode passed arguments in Fluid view helpers (thanks to Oliver Hader)
- [SECURITY] Upgrade typo3fluid/fluid to v2.6.10 (thanks to Oliver Hader)
- [BUGFIX] Do not try to evaluate fe_groups for page overlays (thanks to Markus Klein)
- [BUGFIX] Do not use AdminPanel reference in EXT:frontend code (thanks to Benni Mack)
- [TASK] Introduce resource Content-Security-Policy check (thanks to Oliver Hader)
- [TASK] Introduce sudo mode for install tool accessed via backend (thanks to Oliver Hader)
- [BUGFIX] Show flag for language "All" in the Page module (thanks to Dmitry Dulepov)
- [TASK] Streamline server response check (thanks to Oliver Hader)
- [DOCS] Improve documentation for Fluid f:translate viewhelper (thanks to Peter Kraume)
- [BUGFIX] Do not consider empty files being an image or media file (thanks to Helmut Hummel)
- [BUGFIX] Felogin allows redirect to any site (thanks to Markus Klein)
- [BUGFIX] Reintroduce the check on options.saveDocNew (thanks to Xavier Perseguers)
- [FEATURE] Add options to locally test on composer min and max stages (thanks to Anja Leichsenring)
- [FEATURE] Allow more DBMS-Versions for local testing (thanks to Anja Leichsenring)
- [BUGFIX] Fix type error in TCA table wizard for null values (thanks to Daniel Siepmann)
- [TASK] Upgrade typo3/phar-stream-wrapper to v3.1.6 (thanks to Oliver Hader)
- [TASK] Enforce Composer 2 usage for TYPO3 development (thanks to Helmut Hummel)
- [BUGFIX] Provide colPos for each cell in defLangBinding view (thanks to Oliver Bartsch)
- [BUGFIX] Apply fixes from newer php-cs-fixer (thanks to Andreas Fernandez)
- [TASK] Update build plans to support Composer 2 (thanks to Andreas Fernandez)
- [DOCS] Update linkvalidator documentation: Administration (thanks to Sybille Peters)
- [BUGFIX] Mark page for previewing when admin panel is active (thanks to Benni Mack)
- [DOCS] Update linkvalidator documentation Introduction (thanks to Sybille Peters)
- [BUGFIX] Limit doctrine/dbal to 2.10.x or 2.11.2+ (thanks to Markus Klein)
- [BUGFIX] Fix PHP type error in f:form.select.optgroup view helper (thanks to Oliver Hader)
- [BUGFIX] Migrate the most accurate RealURL page path to page slugs (thanks to Mathias Brodala)
- [BUGFIX] Quote double quotes in CSV integrity fix script (thanks to Christian Kuhn)
- [BUGFIX] Fix SQL error in backend user list on PostgreSQL (thanks to Stephan Großberndt)
- [BUGFIX] Fix type error in log upgrade wizard (thanks to Georg Großberger)
- [BUGFIX] If is_regexp = 1 then source_path must wrap in # (thanks to Mohsin Khan)
- [BUGFIX] Use correct regular expression in FormDefinitionConversionService (thanks to Georg Ringer)
- [TASK] Define callable controller actions (thanks to Oliver Hader)