TYPO3 9.5.28
3 August 2021
TYPO3 version 9.5.28 is now available (security release).
What's New in TYPO3 9.5.28
- [SECURITY] Do not log sensitive data in authentication process
- [SECURITY] Mitigate XSS related to column names
- [SECURITY] Encode error messages in Query View
- [SECURITY] Mitigate XSS in viewpage
- [TASK] Mitigate downstream CSV code injection
- [BUGFIX] Upgrade packages chart.js, codemirror, ckeditor4
- [TASK] Skip another SVG sanitizer test causing seg fault
- [TASK] Skip SVG sanitizer test causing segmentation fault
- [TASK] Backport SecurityUtility.stripHtml()
- [TASK] Streamline identifier usage in SvgFilesSanitization upgrade wizard
- [BUGFIX] Correctly resolve best matching FAL storage
- [TASK] Adjust RST syntax in SVG sanitizer documentation
- [TASK] Introduce SVG Sanitizer
- [TASK] Reflect patched jQuery state
- [BUGFIX] Unlink temp files in import of ext:impexp
- [BUGFIX] Declare guzzlehttp/psr7 dependency
- [TASK] Extract common site test aspects to trait
- [DOCS] Add note about TSconfig behaviour in EXT:linkvalidator
- [TASK] Remove a library dependent view helper test
- [BUGFIX] Avoid reloading backend login form for checking HTTP referrer
- [TASK] Update url to license information
- [TASK] Add tests for route enhancers having nested arguments declaration
- [BUGFIX] Handle LEFT JOINs in Extbase correctly
- [BUGFIX] Allow persisting PseudoFileReference via database form finisher
- [TASK] Streamline routing related phpDoc comments & annotations
- [BUGFIX] Fix Typo3DbQueryParserTest for custom php timezones
- [BUGFIX] Delay error handler registration