All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh

TYPO3 4.2.16

From TYPO3Wiki
Jump to: navigation, search

<< Back to Administrators page


Release Notes for TYPO3 4.2.16

This document contains information about TYPO3 version 4.2.16 which was released on December 16, 2010.


This release is a combined bugfix and security release.


Due to several security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.2.16, 4.3.9 and 4.4.5.
Find more details in the security bulletin:


MD5 checksums

ad01b11987351a050c0d11663fedef16  dummy-4.2.16.tar.gz
c556a17485887463e67ea0771d7914c4  typo3_src-4.2.16.tar.gz


The usual upgrading procedure applies; no database updates are necessary.


2010-12-16  Oliver Hader  <>

	* Release of TYPO3 4.2.16

2010-12-16  Oliver Hader  <>

	* Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack)
	* Fixed bug #16590: t3lib_TSparser::checkIncludeLines() does not check files to be included (thanks to Fabrizio Branca)
	* Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
	* Fixed bug #16653: SQL injection problem in (thanks to Jigal van Hemert)
	* Fixed bug #15735: FORM content object is susceptible to XSS (thanks to Benjamin Mack)
	* Fixed bug #16362: Directory traversal attack in em_unzip
	* Fixed bug #16593: It is possible to bypass 'verifyFilenameAgainstDenyPattern'

2010-11-12  Ernesto Baschny  <>

	* Fixed bug #15456: Changes made by ColorPicker Wizard are not saved (Thanks to Tobias Hoevelborn)

2010-10-27  Steffen Gebert  <>

	* Fixed bug #15503: Improve t3lib_userAuth::getCookie() (Thanks to Michael Bürgi)

2010-10-18  Xavier Perseguers  <>

	* Fixed bug #1318: 'removeTag' does not remove closing tags

2010-10-11  Steffen Kamper  <>

	* Fixed bug #12376: typo3temp got filled with thousands of javascript_* files (Thanks to Georg Ringer)

Past Release Notes

If you have skipped one or more versions while upgrading to this version, please make sure to read the ReleaseNotes of these versions as well.