Änderungen im Rahmen des TYPO3 7.6 ELTS

ChangeLog TYPO3 Version 7.6 ELTS

Im ChangeLog sind die Änderungen an den einzelnen Versionen dokumentiert:

2021-07-20 e4cb5dfb7e [RELEASE] Release of TYPO3 7.6.52 (thanks to Andreas Fernandez)
2021-07-20 7f77c92e8f [SECURITY] Do not log sensitive data in authentication process (thanks to Oliver Hader)
2021-07-20 19f180ad62 [TASK] Skip another SVG sanitizer test causing seg fault (thanks to Christian Kuhn)
2021-07-20 c052a2b4d2 [TASK] Skip SVG sanitizer test causing segmentation fault (thanks to Oliver Hader)
2021-07-20 21bfa4d949 [TASK] Mitigate downstream CSV code injection (thanks to Oliver Hader)
2021-07-20 dfe25eb497 [BUGFIX] Correctly resolve best matching FAL storage (thanks to Oliver Hader)
2021-07-19 0bad5fa979 [TASK] Introduce SVG Sanitizer (thanks to Oliver Hader)
2021-07-16 39784adc78 [TASK] Use latest possible php-cs-fixer and add CGL check to CI (thanks to Andreas Fernandez)
2021-07-16 6a75a5663e [TASK] Backport local test suite (thanks to Andreas Fernandez)
2021-07-16 1f66d8ac71 [BUGFIX] Remove invalid declare(strict_types) from test file (thanks to Andreas Fernandez)
2021-07-01 7dbebe8dea [BUGFIX] Revert htmlspecialchars in ViewHelpers in some cases (thanks to Andreas Fernandez)
2021-06-29 c25eedb84f [BUGFIX] Avoid exception when trying to download a non-existing file (thanks to Oliver Hader)
2021-03-16 dcabb75592 [TASK] Set TYPO3 version to 7.6.52-dev (thanks to Andreas Fernandez)

2021-03-16 57fb22df8f [RELEASE] Release of TYPO3 7.6.51 (thanks to Andreas Fernandez)
2021-03-16 1330ee61c1 [SECURITY] Mitigate XSS in PreviewRenderer for menus (thanks to Oliver Bartsch)
2021-03-16 fe3fc460b8 [SECURITY] Avoid storing plain session identifier in $USER->uc (thanks to Oliver Hader)
2021-03-16 5c0b375e65 [SECURITY] Prevent urls starting with // to be used for redirects (thanks to Torben Hansen)
2021-03-15 6218209749 [BUGFIX] Workaround Fluid issues with PCRE without JIT available (thanks to Andreas Fernandez)
2021-01-26 16a4651c59 [BUGFIX] Loosen constraint of typo3/cms-composer-installers (thanks to Andreas Fernandez)
2021-01-25 a017f29839 [TASK] Harden client-side SecurityUtility.encodeHtml (thanks to Oliver Hader)
2020-12-18 efd8ae8250 [TASK] Set TYPO3 version to 7.6.51-dev (thanks to Andreas Fernandez)

2020-12-18 50e2d0049f [RELEASE] Release of TYPO3 7.6.50 (thanks to Andreas Fernandez)
2020-12-04 3ff6467dd7 [BUGFIX] Raise upper limit of date fields in TCA (thanks to Frank Naegler)
2020-11-17 75569b7b19 [TASK] Set TYPO3 version to 7.6.50-dev (thanks to Andreas Fernandez)

2020-11-17 3e9769b5f8 [RELEASE] Release of TYPO3 7.6.49 (thanks to Andreas Fernandez)
2020-11-17 2792356d1a [BUGFIX] Remove erroneous path casing workaround (thanks to Andreas Fernandez)
2020-11-17 2b8811631a [TASK] Set TYPO3 version to 7.6.49-dev (thanks to Andreas Fernandez)

2020-11-17 47413cbaff [RELEASE] Release of TYPO3 7.6.48 (thanks to Andreas Fernandez)
2020-11-17 cead1b3071 [SECURITY] Protect persisted session IDs from being used directly (thanks to Alexander Schnitzler)
2020-11-17 69d60e991a [SECURITY] Encode passed arguments in Fluid view helpers #19 (thanks to Andreas Fernandez)
2020-11-17 495e050ef7 [SECURITY] Address XSS vulnerabilities in Fluid (thanks to Andreas Fernandez)
2020-11-12 28f2422f2b [TASK] Upgrade typo3/phar-stream-wrapper to v2.2.1 (thanks to Andreas Fernandez)
2020-11-12 f8cd15e3ab [TASK] Support installation via Composer 2 (thanks to Andreas Fernandez)
2020-11-02 b31f53f99b [TASK] Update build plans (thanks to Andreas Fernandez)
2020-09-08 c9cd863989 [TASK] Set TYPO3 version to 7.6.48-dev (thanks to Andreas Fernandez)

2020-09-08 ebf9a7fcf7 [RELEASE] Release of TYPO3 7.6.47 (thanks to Andreas Fernandez)
2020-08-10 56a7c7da26 [BUGFIX] Ensure decoded parameters are a valid array (thanks to Oliver Hader)
2020-07-28 07e4c6877e [TASK] Set TYPO3 version to 7.6.47-dev (thanks to Andreas Fernandez)

2020-07-28 84665792ba [RELEASE] Release of TYPO3 7.6.46 (thanks to Andreas Fernandez)
2020-07-27 65c222c10f [TASK] Switch to json_encode for tx_cms_showpic parameters (thanks to Oliver Hader)
2020-07-27 195d1adc89 [SECURITY] Avoid ambiguous HMAC results (thanks to Oliver Hader)
2020-07-27 272910f4ca [SECURITY] Apply file deny pattern to eID API used for file retrieval (thanks to Oliver Hader)
2020-07-27 fe57ed790f [TASK] Set upper PHP version constraint (thanks to Andreas Fernandez)
2020-07-27 d2bb4fe694 [TASK] Update typo3/phar-stream-wrapper and brumann/polyfill-unserialize (thanks to Andreas Fernandez)
2020-07-23 72c7cfc164 [BUGFIX] Use correct implode(string, array) syntax (thanks to Andreas Fernandez)
2020-07-20 d0d337977e [TASK] Switch to json_encode for file folder tree (thanks to Oliver Hader)
2020-07-07 1b2328cb7f [TASK] Set TYPO3 version to 7.6.46-dev (thanks to Andreas Fernandez)

2020-07-07 cbc1920c37 [RELEASE] Release of TYPO3 7.6.45 (thanks to Andreas Fernandez)
2020-07-07 3dac9b42d3 [BUGFIX] Add missing unset method for localStorage (thanks to Andreas Fernandez)
2020-07-07 057bbb10a8 [TASK] Set TYPO3 version to 7.6.45-dev (thanks to Andreas Fernandez)

2020-07-07 5f3cd84e60 [RELEASE] Release of TYPO3 7.6.44 (thanks to Andreas Fernandez)
2020-06-02 3c7efb62ad [BUGFIX] Use URI of current request for referrer check (thanks to Andreas Fernandez)
2020-05-22 2d18b55759 [BUGFIX] Remove BlockSerializationTrait from AbstractWriter (thanks to Andreas Fernandez)
2020-05-19 6fe4745e05 [TASK] Set TYPO3 version to 7.6.44-dev (thanks to Andreas Fernandez)

2020-05-19 68ac011471 [RELEASE] Release of TYPO3 7.6.43 (thanks to Andreas Fernandez)
2020-05-19 7c15739879 [BUGFIX] Swap operands in ternary operator in GraphicalFunctions (thanks to Andreas Fernandez)
2020-05-19 1cd6af010a [BUGFIX] Reintroduce Extbase referring argument handling (thanks to Oliver Hader)
2020-05-19 dc8b0779f3 [BUGFIX] Allow arbitrary objects in widget context (thanks to Oliver Hader)
2020-05-19 1dfcc9e7a0 [BUGFIX] Allow multiple referrer types in backend main route (thanks to Susanne Moog)
2020-05-19 d1824df55f [BUGFIX] Properly (un)serialize ReflectionService (thanks to Alexander Schnitzler)
2020-05-19 917dd9c619 [BUGFIX] Check for existence of t3js-login-url id in Login dialog (thanks to Oliver Hader)
2020-05-19 dbc896e9f3 [BUGFIX] Relax constraints on serializing objects (thanks to Oliver Hader)
2020-05-12 3636a1306e [TASK] Set TYPO3 version to 7.6.43-dev (thanks to Andreas Fernandez)

2020-05-12 edf36d143d [RELEASE] Release of TYPO3 7.6.42 (thanks to Andreas Fernandez)
2020-05-12 bfe5df7122 [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Andreas Fernandez)
2020-05-12 cecf68aae3 [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Andreas Fernandez)
2020-05-12 403e7bee67 [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Andreas Fernandez)
2020-05-12 0f786c1ad3 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez)
2020-05-12 81a990ec9b [SECURITY] Escape shortened placeholder text in HTML output (thanks to Andreas Fernandez)
2020-05-12 10c61f1df9 [BUGFIX] Fully check dependencies of dependencies (thanks to Andreas Fernandez)
2020-05-12 a783133b74 [TASK] Update copyright year (thanks to Andreas Fernandez)
2020-03-19 1359c2c3c7 [BUGFIX] Update build plan (thanks to Andreas Fernandez)
2020-01-27 8a3a42736e [TASK] Set TYPO3 version to 7.6.42-dev (thanks to Andreas Fernandez)

2020-01-27 127dc7a3a8 [RELEASE] Release of TYPO3 7.6.41 (thanks to Andreas Fernandez)
2020-01-27 263ab615e6 [BUGFIX] Ensure ZipService->extract sets proper permissions (thanks to Andreas Fernandez)
2019-12-17 38f55c5c95 [TASK] Set TYPO3 version to 7.6.41-dev (thanks to Andreas Fernandez)

2019-12-17 e7abe0c4e8 [RELEASE] Release of TYPO3 7.6.40 (thanks to Andreas Fernandez)
2019-12-17 210248b4be [SECURITY] Avoid XSS by correctly encoding typolink results (thanks to Oliver Hader)
2019-12-17 1b1cbc3b10 [SECURITY] Prevent SQLi in ext:lowlevel QueryGenerator (thanks to Frank Naegler)
2019-12-17 ab2639f75b [TASK] Streamline frontend user password recovery process (thanks to Oliver Hader)
2019-12-17 7368f69825 [SECURITY] Avoid directory traversal on archive extraction (thanks to Andreas Fernandez)
2019-12-17 749ac0c1a5 [SECURITY] XSS in file list through file extension (thanks to Andreas Fernandez)
2019-12-17 b66cdbf28c [SECURITY] Avoid insecure deserialization in QueryGenerator & QueryView (thanks to Frank Naegler)
2019-12-16 ab2de5cc12 [SECURITY] Avoid possible insecure deserialization in Extbase (thanks to Oliver Hader)
2019-12-09 eb76b620bf [BUGFIX] Prevent encoding of search form (thanks to Andreas Fernandez)

2019-08-20 b315872cde [RELEASE] Release of TYPO3 7.6.39 (thanks to Andreas Fernandez)
2019-07-30 ecd134ad65 [BUGFIX] Set empty iframe src for Webkit and Chrome (thanks to Andreas Fernandez)

2019-06-25 a6bc9651d8 [RELEASE] Release of TYPO3 7.6.38 (thanks to Andreas Fernandez)
2019-06-25 edadf9dd8b [SECURITY] Disallow insecure deserialization for l18n_diffsource (thanks to Andreas Fernandez)
2019-06-25 26ca450341 [SECURITY] Deny pages' TSconfig and tsconfig_includes for non-admins (thanks to Andreas Fernandez)
2019-06-25 1acbfed069 [SECURITY] Check record permissions in record information popup (thanks to Andreas Fernandez)
2019-06-19 adb3a021ce Update typo3/phar-stream-wrapper to version 2.1.2 (thanks to Anja Leichsenring)
2019-05-23 8db8dd1062 [BUGFIX] HTMLArea/Edge: Restore selection when using ElementBrowser (thanks to Andreas Fernandez)

2019-05-08 70a4e36dbe [RELEASE] Release of TYPO3 7.6.37 (thanks to Anja Leichsenring) 
2019-05-08 cd4de994ad [SECURITY] Enclose file type scope when invoking ImageMagick (thanks to Andreas Fernandez) 
2019-05-07 69c388b9c1 [BUGFIX] Use `CommandUtility::escapeShellArgument()` over non-existent `wrapFileName()` (thanks to Andreas Fernandez) 
2019-05-07 60b7d39aad [BUGFIX] Add missing DatabaseConnectionMock::isConnected() (thanks to Andreas Fernandez)
2019-05-07 818709a0fc [BUGFIX] Check existence of `jQuery` prior to `TYPO3.jQuery` (thanks to Andreas Fernandez)

2019-05-07 3606857f76 [RELEASE] Release of TYPO3 7.6.36 (thanks to Anja Leichsenring) 
2019-05-07 5fe03109a3 [SECURITY] Destroy sessions on password change (thanks to Frank Naegler) 
2019-05-07 1ffbba3183 [SECURITY] Enclose file type scope when invoking ImageMagick (thanks to Susanne Moog) 
2019-05-07 ff112fc53d [BUGFIX] Avoid showing password on MacBook touch bar in backend forms (thanks to Andreas Fernandez) 
2019-05-03 0d842db7fa [TASK] Incorporate changes of jQuery version to 3.4.0 (thanks to Andreas Fernandez) 
2019-05-02 1b43b33feb [TASK] Raise twitter bootstrap to 3.4.1 (thanks to Andreas Fernandez) 
2019-03-20 d23dc3a912 [TASK] Add ChangeLog for 7.6.35 (thanks to Anja Leichsenring) 
2019-03-19 92a8aa2125 [TASK] Set TYPO3 version to 7.6.36-dev (thanks to Anja Leichsenring)

2019-03-19 a8b7a41474 [RELEASE] Release of TYPO3 7.6.35 (thanks to Anja Leichsenring) 
2019-03-18 9318448c30 [!!!][SECURITY][BUGFIX] Use parseFunc to render content objects in EXT:form (thanks to Andreas Fernandez) 
2019-03-18 b3a826d6f1 [BUGFIX] Do not use about:blank as src in other Webkit browsers than Chrome (thanks to Andreas Fernandez) 
2019-03-15 5ea2fd19f0 [SECURITY] XSS in case RTE is disabled (thanks to Oliver Hader) 
2019-03-14 48af6d7abb [BUGFIX] Use non-JavaScript based iframe src (thanks to Andreas Fernandez) 
2019-02-28 71c35d1108 [TASK] tgt-1700 composer wants lowercase mikey179/vfsStream (thanks to Christian Kuhn) 
2019-01-25 13922a63e2 [TASK] bamboo: db dependency loop needs break condition (thanks to Anja Leichsenring) 
2019-01-23 8356dfad36 [TASK] Set TYPO3 version to 7.6.35-dev (thanks to Anja Leichsenring)

2019-01-23 092b30dcc5 [RELEASE] Release of TYPO3 7.6.34 (thanks to Anja Leichsenring) 
2019-01-23 e3d2482c76 [TASK] Add ChangeLog for 7.6.34 (thanks to Anja Leichsenring) 
2019-01-23 cd37b3d16e [BUGFIX] Remove compression of requirejs-loader.js (thanks to Frank Nägler) 
2019-01-22 3da5d20c1b [TASK] Add ChangeLog for 7.6.33 (thanks to Anja Leichsenring) 
2019-01-22 ae64d03730 [TASK] Set TYPO3 version to 7.6.34-dev (thanks to Anja Leichsenring)
2019-01-22 0e6edc960a [RELEASE] Release of TYPO3 7.6.33 (thanks to Anja Leichsenring) 

2019-01-22 0e6edc960a [RELEASE] Release of TYPO3 7.6.33 (thanks to Anja Leichsenring) 
2019-01-22 cbab187874 [SECURITY] Avoid disclosing loaded extensions (thanks to Oliver Hader) 
2019-01-22 73d16a1227 [SECURITY] Extend file deny pattern (thanks to Oliver Hader) 
2019-01-22 169d721fc7 [SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components (thanks to Anja Leichsenring) 
2019-01-22 1450cc1719 [SECURITY] XSS issues in Fluid view helpers (thanks to Anja Leichsenring) 
2019-01-22 3dc79ae69c [SECURITY] Backend user privilege escalation for language limitations (thanks to Oliver Hader) 
2019-01-22 16609ee4f4 [SECURITY] Avoid creation of backend users without password (thanks to Oliver Hader) 
2019-01-22 da9e834936 [BUGFIX] Harden CommandUtility invocations (thanks to Oliver Hader) 
2019-01-22 814f8c147c [TASK] Adjust copyright year (thanks to Anja Leichsenring) 
2018-12-11 766133d5f9 [TASK] Set TYPO3 version to 7.6.33-dev (thanks to Oliver Hader)


Aktualisiert: 27.07.2021