Tue. 12th May, 2020
The versions 10.4.2 and 9.5.17 of the TYPO3 Enterprise Content Management System have just been released.
This is a companion discussion topic for the original entry at https://typo3.org/article/typo3-1042-and-9517-security-releases-published
Thank you @ohader for your time on fixing and investigating all those security topics!
Unfortunately recent releases introduced some regressions and side-effects which are collected and tracked at https://forge.typo3.org/versions/3581
- bug fix for TYPO3-CORE-SA-2020-004 causes side-effects on extension- or user-land code interacting with caches in Extbase, showing deserialization errors for
- bug fix for TYPO3-CORE-SA-2020-005 causes side-effects for sites that were upgraded from versions before TYPO3 v8 and were upgraded before TYPO3 v9.5.11, e.g. causing problems in the page-tree
  - $BE_USER->uc probably can contain class references to stdClass which need to be converted
  - TYPO3 v9.5.11 added a corresponding Update backend user configuration array upgrade wizard
    - to be found at Admin Tools > Upgrade > Upgrade Wizard > Update backend user configuration array
- bug fix for TYPO3-CORE-SA-2020-006 introduced a strict referrer check, blocking cross-site requests and thus also blocking single-sign-on (SSO) implementations
Once these issues are sorted out and confirmed by the community to resolve current drawbacks, new releases for TYPO3 v9 and v10 will be packaged within a couple of days.