TYPO3 10 LTS

Version 10.0, the first sprint release on the way to version 10 LTS, was published on 23.07.2019.

As the focus of version 10.0 is on "clean-up work", a large number of changes have been made in this release. This makes it possible to introduce new libraries, modern concepts and optimized APIs at an early stage of development.

What is planned for version 10?

Ambitious and important goals have been set for TYPO3 v10 LTS. The following improvements are at the top of the list and will continue to evolve in all upcoming sprint releases:

• Enable TYPO3 integrators to easily configure the system
• Allow TYPO3 editors, administrators and extension developers to benefit from best practices
• Use stable and established standards and PHP packages to achieve stable APIs throughout the TYPO3 core
• Make daily work with TYPO3 even more enjoyable

This was only a relatively small part of the changes and new features in version 10.1.

You can find a detailed list in the ChangeLog.

Version 10.2, the last sprint release of 2019, was published on December 3. It already included some innovations that were developed a few weeks earlier during the TYPO3 Initiative Week (T3INIT19). You can find a few of them here.

Backend users can now navigate through the page tree using the keyboard, for example with the arrow keys, "home", "end", "enter", "space", etc.

The website title is now defined via the Site Configiration module. This means that the title can also be easily adapted per language in multilingual websites.

The title field in the template (sys_template) has been marked as "deprecated" and will no longer be available in TYPO3 11.

TYPO3's Link Validator is configured as a scheduler task and aims to detect broken links throughout the system. This function has been further extended and now supports pages, files and even external links. External links can now also be validated on-the-fly.

This version paves the way for a state-of-the-art environment. TYPO3 v10.2 not only supports Symfony version 5.0, but is also the first TYPO3 release to support PHP version 7.4. Work is even underway to make TYPO3 v9 compatible with PHP 7.4.

As always, a lot more has happened under the hood, which is particularly relevant for core and extension developers.

All changes are again summarized in the "What's new" PDF, which you can download from the TYPO3 website.

On February 25, version 10.3 was the last sprint release before the release of 10.4 LTS, which is scheduled for April 21.

lockIP setting deactivated by default

The default value for the lockIP settings has been changed to "disabled". This affects the following four settings:

- FE->lockIP
- FE->lockIPv6
- BE->lockIP
- BE->lockIPv6

Although the setting is actually intended to increase security, there are some use cases where its use leads to problems, such as suddenly logging out of the backend. Especially when using ipV4 and ipV6, it can be problematic if the user's IP address suddenly changes.

New translation server

Work on the new translation server has been completed so that it is used by default.

The SaaS solution Crowdin is used to make the localization of the TYPO3 core and all involved extensions as easy as possible for everyone.

If you are interested in improving the localization, register at crowdin.com and suggest translations to the official TYPO3 project, which can be found at crowdin.com/project/typo3-cms.

The documentation about the integration is part of the official TYPO3 documentation and
is available at docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Internationalization/TranslationServer/Crowdin.html.
It also covers how to make your extension available to Crowdin as a developer.

Only import files with the extension .typoscript

With the new @import method, you can also import entire directories in TypoScript. Previously, however, all files in the respective directory were imported, regardless of the file extension.
The new behavior only takes into account files with the extension .typoscript.
If you also want to import files with other extensions (e.g. *.ts, *.txt etc.), you must specify this explicitly.

SEO and social media fields in the info module

There are two new areas in the info backend module (SEO and Social Media) where you can display an overview of the corresponding fields.

Asset collector for JavaScript and CSS

The new asset collectors, which can be used as view helpers in the Fluidtemplate or via PHP, can be used to integrate CSS and JavaScript in a modular way. For example, CSS and JS files for custom content elements can only be loaded if these content elements are actually used on a page (keyword: web components). The "identifier" parameter ensures that the integration is not carried out more than once.

Example for fluid templates:

<f:asset.css identifier="identifier123" href="EXT:my_ext/Resources/Public/Css/foo.css" />
<f:asset.css identifier="identifier123">
   .foo { color: black; }
</f:asset.css>

<f:asset.script identifier="identifier123" src="EXT:my_ext/Resources/Public/JavaScript/foo.js" />
<f:asset.script identifier="identifier123">
   alert('hello world');
</f:asset.script>

Lazy loading for images

Browser-native lazy loading for images can be activated via a Fluid Styled Content constant. Many current browsers already support this.

Improved backend user module

The "Backend users" module now shows more details about TYPO3 administrators and editors:

• All assigned groups, including subgroups, are now evaluated
• All data that can be set in the backend user or an assigned group is now displayed, including the allowed page types
• Read and write access to tables
• A new "detail view" for a TYPO3 backend user has been added

The comparison of users is now more powerful. It is now easier for TYPO3 administrators to check backend user permissions without having to switch to the actual user.

View YAML configuration of forms

If forms are used via the "Form" system extension, their YAML configuration can be viewed in the "Configuration" backend module.

Dashboard

In the new "Dashboard" backend module, various information can be displayed to the user via so-called widgets. This can be, for example, the display of external RSS feeds, links to documentation, graphs on the number of errors in the system log and much more.
Some widgets are already supplied, it is also documented how you can create your own widgets and in the TER you will also find one or two extensions that provide new widgets.

Each backend user can create one or more customized dashboards with information that is important to them.

Improvements in the Extension Manager

The Extension Manager has two new filter functions to display only system or third-party extensions. The table of extensions can also be sorted according to various criteria by clicking on the column name.

Fluid-based system e-mails

Emails sent by TYPO3 (e.g. from the install tool) are now multipart emails and are based on fluid templates. The templates can therefore also be customized as desired, e.g. via a custom extension.

Of course, there are many more changes and innovations in this version, especially under the hood, which is interesting and relevant for core and extension developers.

As usual, all changes can also be found in the official documentation: https: //docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/10.3/Index.html

On April 21, 2020, the time had finally come and TYPO3 10.4 LTS, the final version with Long Term Support (i.e. the regular supply of updates for 3 years), was released.

We show a few of the most interesting features here. A complete list is of course available at docs.typo3.org

Content Element Filter

A backend user can now search for a range of content types in the New Content Element wizard. When a user enters a search query, any content type whose title or description does not match the query will be hidden from the user. Since content types are grouped into tabs, tabs with no content will be disabled for the user. If the currently active tab becomes empty, the next available tab is activated.

"Forgot password" function for backend users

It is now possible for TYPO3 backend users who log in with the default username/password mechanism to reset their password by triggering an email via the login form.

The reset link will only be displayed if there is at least one user who meets the following criteria:

• The user has a previously entered password (used to indicate that no third party login has been used)
• The user has added a valid email address to their user record
• The user is neither deleted nor deactivated
• The email address is only used once among all backend users of the instance

Once the user has entered their email address, an email is sent with a link to set a new password, which must be at least 8 characters long.

The link is valid for 2 hours and a token is added to the link.

If the password is entered correctly, it will be updated for the user and they will be able to log in.

Some notes on security:

No reset function is provided for multiple users with the same e-mail address.
There is no built-in information sharing, i.e. if the e-mail address is not in the system, it is not visible to the outside world.
Only a maximum of three e-mails per e-mail address are permitted within 30 minutes.
The tokens are stored in the database for the backend users, but are hashed again just like the password
If a user has successfully logged in (e.g. because they have remembered the password), the token is removed from the database, rendering all existing email links invalid.
The function is activated by default and can be completely deactivated via the system-wide configuration option:

$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset']

Optionally, it is possible to restrict this function to non-administrators only by setting the following system-wide option to "false".

$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins']

Both options can be configured in the Maintenance Area => Settings module or in the Install Tool, but can also be set manually via typo3conf/LocalConfiguration.php or typo3conf/AdditionalConfiguration.php.

It is also possible for administrators to reset a user's password. This is particularly useful for security reasons, so that an administrator does not have to send a user a password in plain text (e.g. by e-mail).

The administrator can use the CLI command:

./typo3/sysext/core/bin/typo3 backend:resetpassword https://www.example.com/typo3/ editor@example.com

where the URL to the backend and the user's email address must be specified:

backend:resetpassword <backendurl> <email>

Alternatively, it is possible for administrators to use the "Backend user" module and select the reset password button to initiate the process of resetting the password for a specific user.

Both options are only available for users who have set an email address and password.

Compare backend user groups

Integrators are now able to compare individual backend user groups. Backend user groups are used to divide permissions into smaller parts that can later be assigned to a backend user. With this function, it is possible to compare the defined authorizations including the authorizations inherited from subgroups.

Site settings as constants in TypoScript and TSconfig

Before TYPO3 v10.0 it was possible to insert information from the PageTSconfig into TypoScript constants with TSFE.constants.const1 = a.

This could be used to e.g. centralize the configuration of record storagePids, which could then be used in the backend for modules or for IRRE and for frontend plugins.

This old function has been removed as it was recommended to include site settings. However, the corresponding new feature that was added with TYPO3 v10 was reverted in v10.1.

This new implementation now allows site settings to be defined via config/sites/<site-name>/config.yaml.

The newly introduced settings within config.yaml are provided as TypoScript constants and Page TSconfig constants.

An example configuration in config/sites/<site-name>/config.yaml:

settings:
  categoryPid: 658
  styles:
    content:
      loginform:
        pid: 23

This makes these constants available both in the TypoScript template and in PageTSconfig:

• {$categoryPid}
• {$styles.content.loginform.pid}

The newly introduced constants for PageTSconfig can be used just like constants in TypoScript.

They can be used in PageTSconfig as follows:

# store tx_ext_data records on the given storage page by default (e.g. through IRRE)
TCAdefaults.tx_ext_data.pid = {$categoryPid}
# load category selection for plugin from out dedicated storage page
TCEFORM.tt_content.pi_flexform.ext_pi1.sDEF.categories.PAGE_TSCONFIG_ID = {$categoryPid}

A number of functions have also been marked as deprecated, and there are a number of changes that are of particular interest to developers and programmers. Here we refer to the ChangeLog.