Änderungen im Rahmen des TYPO3 8.7 ELTS

ChangeLog TYPO3 Version 8.7 ELTS

Im ChangeLog sind die Änderungen an den einzelnen Versionen dokumentiert:

2021-08-16 1075b1807c [RELEASE] Release of TYPO3 8.7.43 (thanks to Andreas Fernandez)
2021-08-16 dc1a36ed90 [TASK] Upgrade to typo3/html-sanitizer v1.0.5 (thanks to Andreas Fernandez)
2021-08-16 820cf93320 [BUGFIX] Adjust default behavior of HTML sanitization in parseFunc (thanks to Oliver Hader)
2021-08-16 f3ff334282 [FEATURE] Introduce explicit f:sanitize.html view-helper (thanks to Oliver Hader)
2021-08-16 eee4953f4e [BUGFIX] Allow HTML node onclick events in generated frontend markup (thanks to Oliver Hader)
2021-08-12 ad9fe7b999 [TASK] Add status quo tests for f:format.html (thanks to Oliver Hader)
2021-08-12 34bbc8bcc7 [BUGFIX] Downgrade to old xdebug config (thanks to Andreas Fernandez)
2021-08-12 6b89e82cf3 [TASK] Forward initiator to typo3/html-sanitizer (thanks to Oliver Hader)
2021-08-12 73c142e643 [TASK] Upgrade to typo3/html-sanitizer v1.0.4 (thanks to Andreas Fernandez)
2021-08-12 eecdfb5d2b [TASK] Upgrade to typo3/html-sanitizer v1.0.3 (thanks to Andreas Fernandez)
2021-08-11 7f3496becb [TASK] Enhance documentation for integration of html-sanitizer (thanks to Tomas Norre Mikkelsen)
2021-08-11 171c68bf9f [BUGFIX] Accept JS spam protected email addresses (thanks to Torben Hansen)
2021-08-11 5f4e75888c Revert "[TASK] Declare core as replacement for t3g/svg-sanitizer" (thanks to Andreas Fernandez)
2021-08-10 4c187316e2 [TASK] Set TYPO3 version to 8.7.43-dev (thanks to Andreas Fernandez)

2021-08-10 2518b44d95 [RELEASE] Release of TYPO3 8.7.42 (thanks to Andreas Fernandez)
2021-08-10 2012f29a6c [SECURITY] Ensure XSS-safe rich text rendering (thanks to Oliver Hader)
2021-08-10 77196e7871 [BUGFIX] Render correct version information in Core Updater and reports module (thanks to Andreas Fernandez)
2021-08-10 1ff28f9eef [TASK] Declare core as replacement for t3g/svg-sanitizer (thanks to Oliver Hader)
2021-08-10 ff8a950064 [BUGFIX] Split tests in less chunks to reduce overall compute time (thanks to Andreas Fernandez)
2021-08-10 502a24b99e [TASK] Update enshrined/svg-sanitize to v0.14.1 (thanks to Oliver Hader)
2021-08-09 448f5fbdb3 [BUGFIX] Lint changed PHP files only (thanks to Andreas Fernandez)
2021-08-09 765aa15aa6 [TASK] Move builds to Github Actions (thanks to Andreas Fernandez)
2021-08-09 1e4b04b2ac [TASK] Set TYPO3 version to 8.7.42-dev (thanks to Andreas Fernandez)

2021-07-20 549efbd55f [RELEASE] Release of TYPO3 8.7.41 (thanks to Andreas Fernandez)
2021-07-20 d456fdd37b [SECURITY] Do not log sensitive data in authentication process (thanks to Oliver Hader)
2021-07-20 25fbebf7a0 [SECURITY] Mitigate XSS related to column names (thanks to Oliver Bartsch)
2021-07-20 d8a77b370b [SECURITY] Encode error messages in Query View (thanks to Oliver Hader)
2021-07-20 4024e87789 [TASK] Skip another SVG sanitizer test causing seg fault (thanks to Christian Kuhn)
2021-07-20 710cf1a35c [TASK] Skip SVG sanitizer test causing segmentation fault (thanks to Oliver Hader)
2021-07-20 fd1d28f517 [TASK] Mitigate downstream CSV code injection (thanks to Oliver Hader)
2021-07-20 25e2cf9718 [BUGFIX] Upgrade ckeditor4 (thanks to Andreas Fernandez)
2021-07-20 e434243de6 [BUGFIX] Correctly resolve best matching FAL storage (thanks to Oliver Hader)
2021-07-19 fbb89f7479 [TASK] Introduce SVG Sanitizer (thanks to Oliver Hader)
2021-06-29 60ae20e38f [BUGFIX] Avoid exception when trying to download a non-existing file (thanks to Oliver Hader)
2021-06-29 bc311ae605 [BUGFIX] Allow persisting PseudoFileReference via database form finisher (thanks to Oliver Hader)
2021-06-18 5d36ffc79e [BUGFIX] Proper form definition validation if backend language changes (thanks to Ralf Zimmermann)
2021-03-16 768565800b [BUGFIX] Replace algo26-matthias/idna-convert in EXT:core (thanks to Andreas Fernandez)
2021-03-16 745a706478 [TASK] Set TYPO3 version to 8.7.41-dev (thanks to Andreas Fernandez)

2021-03-16 18cadb5ddd [RELEASE] Release of TYPO3 8.7.40 (thanks to Andreas Fernandez)
2021-03-16 508671278a [SECURITY] Mitigate directly accessible file upload in form framework (thanks to Oliver Hader)
2021-03-16 3da15b5265 [BUGFIX] Fix serialization of FileReference objects (thanks to Benjamin Franzke)
2021-03-16 02e480fbfd [SECURITY] Mitigate XSS in PreviewRenderer for menus (thanks to Oliver Bartsch)
2021-03-16 c90682993f [SECURITY] Validate allowed values for form element editors (thanks to Ralf Zimmermann)
2021-03-16 81791cb730 [SECURITY] Avoid storing plain session identifier in $USER->uc (thanks to Oliver Hader)
2021-03-16 ef254cb10b [SECURITY] Prevent urls starting with // to be used for redirects (thanks to Torben Hansen)
2021-03-15 a3592edf13 [BUGFIX] Replace algo26-matthias/idna-convert with native PHP functionality (thanks to Andreas Fernandez)
2021-03-15 8acecee705 [BUGFIX] Fix serialization of FileReference objects (thanks to Benjamin Franzke)
2021-03-11 c653d3b823 [BUGFIX] Fix CGL in EXT:form's FluidFormRenderer.php (thanks to Andreas Fernandez)
2021-01-26 91675d82bd [BUGFIX] Loosen constraint of typo3/cms-composer-installers (thanks to Andreas Fernandez)
2021-01-25 a4dceec794 [TASK] Harden client-side SecurityUtility.encodeHtml (thanks to Oliver Hader)
2020-12-18 b84bf850e3 [TASK] Set TYPO3 version to 8.7.40-dev (thanks to Andreas Fernandez)

2020-12-18 cc80bde8e4 [RELEASE] Release of TYPO3 8.7.39 (thanks to Andreas Fernandez)
2020-11-27 a4f20b17e5 [BUGFIX] Update sessions in RedisBackend correctly (thanks to Markus Klein)
2020-11-25 ac9de6aa9f [BUGFIX] Use hashed sessionId to find existing session (thanks to Alexander Schnitzler)
2020-11-17 1797f780d6 [TASK] Set TYPO3 version to 8.7.39-dev (thanks to Andreas Fernandez)

2020-11-17 4883e8ebe6 [RELEASE] Release of TYPO3 8.7.38 (thanks to Andreas Fernandez)
2020-11-17 19ebe20c2f [SECURITY] Protect persisted session IDs from being used directly (thanks to Oliver Hader)
2020-11-17 4c1082ac18 [SECURITY] Encode passed arguments in Fluid view helpers (thanks to Andreas Fernandez)
2020-11-17 9596680d53 [BUGFIX] Update typo3fluid/fluid to v2.6.10 (thanks to Andreas Fernandez)
2020-11-17 757c1a2ad2 [TASK] Update friendsofphp/php-cs-fixer to 2.16.4 (thanks to Andreas Fernandez)
2020-11-12 9832f602ea [TASK] Upgrade typo3/phar-stream-wrapper to v3.1.6 (thanks to Alexander Schnitzler)
2020-11-12 18dff72ace [TASK] Support installation via Composer 2 (thanks to Andreas Fernandez)
2020-11-09 1cb18f58d8 [BUGFIX] Do not use named parameter for list of ids in plain data resolver (thanks to Alexander Schnitzler)
2020-11-02 f72a755f22 [TASK] Update build plans (thanks to Andreas Fernandez)
2020-09-08 5a64de95d3 [TASK] Set TYPO3 version to 8.7.38-dev (thanks to Andreas Fernandez)

2020-09-08 daa6a38101 [RELEASE] Release of TYPO3 8.7.37 (thanks to Andreas Fernandez)
2020-08-10 80c53b1b1d [BUGFIX] Ensure decoded parameters are a valid array (thanks to Oliver Hader)
2020-07-28 70cb1db258 [TASK] Set TYPO3 version to 8.7.37-dev (thanks to Andreas Fernandez)

2020-07-28 8eb84c0b2e [RELEASE] Release of TYPO3 8.7.36 (thanks to Andreas Fernandez)
2020-07-27 57cb9ee157 [TASK] Switch to json_encode for tx_cms_showpic parameters (thanks to Oliver Hader)
2020-07-27 b2e06201f2 [SECURITY] Avoid ambiguous HMAC results (thanks to Oliver Hader)
2020-07-27 917bd81843 [SECURITY] Apply file deny pattern to eID API used for file retrieval (thanks to Oliver Hader)
2020-07-21 e31cf3d40b [BUGFIX] Fix namespaces in test classes (thanks to Andreas Fernandez)
2020-07-20 0317f91dd1 [TASK] Switch to json_encode for file folder tree (thanks to Oliver Hader)
2020-07-07 40d5bdd248 [TASK] Set TYPO3 version to 8.7.36-dev (thanks to Andreas Fernandez)

2020-07-07 ec5d4801fe [RELEASE] Release of TYPO3 8.7.35 (thanks to Andreas Fernandez)
2020-06-02 a05413370b [BUGFIX] Use URI of current request for referrer check (thanks to Andreas Fernandez)
2020-05-22 78f44ab066 [BUGFIX] Remove BlockSerializationTrait from AbstractWriter (thanks to Andreas Fernandez)
2020-05-19 59cfd4baa3 [TASK] Set TYPO3 version to 8.7.35-dev (thanks to Andreas Fernandez)

2020-05-19 eb54c7bbba [RELEASE] Release of TYPO3 8.7.34 (thanks to Andreas Fernandez)
2020-05-19 67b52e8476 [BUGFIX] Allow arbitrary objects in widget context (thanks to Oliver Hader)
2020-05-19 73d2d1b249 [BUGFIX] Allow multiple referrer types in backend main route (thanks to Susanne Moog)
2020-05-19 1b4b34d16a [BUGFIX] Properly (un)serialize ReflectionService (thanks to Alexander Schnitzler)
2020-05-19 242fbe429f [BUGFIX] Use correctly terminated HTML block elements (thanks to Oliver Hader)
2020-05-19 ac60c3ca88 [BUGFIX] Check for existence of t3js-login-url id in Login dialog (thanks to Oliver Hader)
2020-05-19 2506cfbaaa [BUGFIX] Relax constraints on serializing objects (thanks to Oliver Hader)
2020-05-12 bd41b27e7c [TASK] Set TYPO3 version to 8.7.34-dev (thanks to Andreas Fernandez)

2020-05-12 bdaa68de32 [RELEASE] Release of TYPO3 8.7.33 (thanks to Andreas Fernandez)
2020-05-12 7f622f9780 [SECURITY] Mitigate bypassing CSRF token via XSS (thanks to Andreas Fernandez)
2020-05-12 1d2e52fd6d [SECURITY] Avoid insecure deserialization of $BE_USER->uc properties (thanks to Andreas Fernandez)
2020-05-12 0f2d75e67b [SECURITY] Prevent destructors with side-effects from being unserialized (thanks to Andreas Fernandez)
2020-05-12 4ea5502842 [TASK] Incorporate changes of jQuery version 3.5.0 (thanks to Andreas Fernandez)
2020-05-12 5e364e321e [SECURITY] Escape shortened placeholder text in HTML output (thanks to Andreas Fernandez)
2020-05-12 1b1b0f2a32 [BUGFIX] Reintroduce Extbase referring argument handling (thanks to Andreas Fernandez)
2020-05-12 6daa7b1fca [BUGFIX] Fully check dependencies of dependencies (thanks to Andreas Fernandez)
2020-05-12 c8be5938c7 [BUGFIX] Update ckeditor to 4.14.0 (thanks to Andreas Fernandez)
2020-05-12 fbf4919280 [TASK] Update copyright year (thanks to Andreas Fernandez)
2020-05-08 15096cb0ff [TASK] Backport local test suite (thanks to Andreas Fernandez)
2020-05-08 e7e4d9d218 [TASK] Refine Bamboo build plans for ELTS needs (thanks to Andreas Fernandez)
2020-04-16 9e1c91aed8 [BUGFIX] Do not generate links to not reachable pages (thanks to Markus Klein)
2020-04-02 0d719fe187 [BUGFIX] Do not cache on cObject level if global no_cache is active (thanks to Markus Klein)
2020-03-31 ce559350c9 [TASK] Set TYPO3 version to 8.7.33-dev (thanks to Benni Mack)


Aktualisiert: 01.09.2021