All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh

TYPO3 4.4.1

From TYPO3Wiki
Jump to: navigation, search

<< Back to Administrators page


Release Notes for TYPO3 4.4.1

This document contains information about TYPO3 version 4.4.1 which was released on July 28, 2010.


This release is a bugfix and security release.


Due to several security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.1.14, 4.2.13, 4.3.4 and 4.4.1.
Find more details in the security bulletin:


MD5 checksums

129fa64e8b0652a8f068ca05f0788228  dummy-4.4.1.tar.gz
814955d60dbf5a7c043f23a158aa43bd  typo3_src-4.4.1.tar.gz


The usual upgrading procedure applies; no database updates are necessary.


2010-07-28  Benjamin Mack  <>

	* Release of TYPO3 4.4.1

2010-07-28  Oliver Hader  <>

	* Raised Extbase and Fluid from 1.2.0 to 1.2.1
	* Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)
	* Fixed bug #14978: XSS in file tree (thanks to Georg Ringer)
	* Fixed bug #13292: TYPO3 error message reveals path to web root (thanks to Xavier Perseguers)
	* Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
	* Fixed bug #14950: XSS in t3editor (thanks to Tobias Liebig)
	* Fixed bug #14850: Information disclosure in t3lib_htmlmail (thanks to Georg Ringer)
	* Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
	* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
	* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
	* Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
	* Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
	* Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
	* Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
	* Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
	* Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
	* Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag is not set (thanks to Helmut Hummel)
	* Fixed bug #14389: phtml is also PHP extension and should be denied editing / uploading via fileadmin (thanks to Ernesto Baschny)
	* Follow-up to bug #14389: Added unit test
	* Fixed bug #1985: XSS vulnerability in wizard classes
	* Fixed bug #15223: Password request hash in felogin is created with not enough randomness (thanks to Helmut Hummel)
	* Fixed bug #14712: The GET/POST variable mimeType is used to create the http header content-type without verification (thanks to Rupert Germann)
	* Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_THE_FIELD_NAME### is not quoted (thanks to Helmut Hummel and Xavier Perseguers)
	* Fixed bug #14114: Core mailform is open to spam abuse (thanks to Lars Houmark)
	* Fixed bug #12294: Unchecked URL-Redirect parameter in Front-End logon (thanks to Steffen Kamper and Helmut Hummel)
	* Fixed bug #13137: redirect/returnUrl isn't validated in core (thanks to Georg Ringer and Marcus Krause)

2010-07-27  Steffen Kamper  <>

	* Fixed bug #14920: Cache cannot be cleared in IE8
	* Fixed bug #15252: Bug: Backend shortcut cannot be set in IE8
	* Fixed bug #15228: Links in TS object browser tree forget the breakkpoint
	* Fixed bug #14946: Switching workplaces causes nesting of BE (Thanks to Stefan Galinski)
	* Fixed bug #13649: Deprecated function sql_regcase in cms/tslib/class.tslib_pagegen.php (Thanks to Martin M¸ller)

2010-07-27  Susanne Moog  <>

	* Fixed bug #15147: Inconsistent icon usage for Edit Page Properties (thanks to Georg Ringer)

2010-07-27  Stanislas Rolland  <>

	* Fixed bug #15244: htmlArea RTE: textearea Id may not be unique in FE
	* Fixed bug #15250: htmlArea RTE: FE additionalJS_post javascript may be displayed as HTML text
	* Fixed bug #15121: htmlArea RTE: Javascript Error in IE7 prevent Link dialogue from opening
	* Fixed bug #14859: htmlArea RTE won't load in backend extension

2010-07-27  Christian Kuhn  <>

	* Fixed bug #15196: [caching framework] Speedup t3lib_cache_backend_DbBackend::has($entryIdentifier) (Thanks to Michael Knabe)
	* Fixed bug #13060: t3lib_htmlmail: Deprecated message with PHP 5.3 for sql_regcase (Thanks to Martin Müller)

2010-07-26  Stanislas Rolland  <>

	* Fixed bug #15243: htmlArea RTE: Extension stylesheets refer to incorrect selectors

2010-07-26  Dmitry Dulepov  <>

	* Reverted the fix for #15128 because further investigation is required

2010-07-25  Susanne Moog  <>

	* Fixed bug #14849: Sprites - user defined page types/modules are not respected anymore (thanks to Steffen Ritter)

2010-07-25  Stanislas Rolland  <>

	* Updated htmlArea RTE version to 2.0.3

2010-07-24  Steffen Kamper  <>

	* Fixed bug #14794: Missing border-bottom for inactive tabs (Thanks to Steffen Gebert)
	* Fixed bug #15188: Remove default greyed out effect for CEs (Thanks to Steffen Gebert)
	* Fixed bug #14969: Colors for highlighting the tree and a versioned page can't be distinguished (Thanks to Steffen Gebert)

2010-07-23  Steffen Kamper  <>

	* Fixed bug #15195: TSanalyzer: Add link to breakpoints also in syntaxhighlight mode

2010-07-23  Stanislas Rolland  <>

	* Fixed bug #15203: htmlArea RTE: Modify link option missing in context menu
	* Fixed bug #15050: htmlArea RTE: .htmlarea .statusBar relative path incorrect (Thanks to Felix Kopp)

2010-07-21  Ingo Renner  <>

	* Fixed bug #15179: Tree depth retrieval inconsistently limited to 20 levels int3lib_pageSelect

2010-07-21  Steffen Kamper  <>

	* Fixed bug #15067: Background Image in Element Browser is repeated, but should not be! (Thanks to Steffen Gebert)
	* Fixed bug #15156: Text in template analyzer is "white on white" if syntax highlighting is disabled (Thanks to Steffen Gebert)

2010-07-19  Dmitry Dulepov  <>

	* Fixed bug #15130: Backend search does not find non-latin1 characters
	* Fixed bug #15128: RTE creates <link> tag incorrectly if there is a non-empty title

2010-07-18  Steffen Kamper  <>

	* Fixed bug #15169: Superfluous comma in CSS

2010-07-18  Susanne Moog  <>

	* Fixed bug #15000: remove IM 4.2.9 recommendation in install tool (Thanks to Steffen Gebert)
	* Fixed bug #14998: Upgrade Wizards: Headlines have too much space below (Thanks to Steffen Gebert)

2010-07-16  Christian Kuhn  <>

	* Fixed bug #14982: Make alt_doc.php unit testable (Thanks to Ingo Schmitt)
	* Fixed bug #15142: [Unit tests] Remove unnecessary require_once() calls

2010-07-14  Christian Kuhn  <>

	* Fixed bug #14911: Validation errors in list view (Thanks to Georg Ringer)

2010-07-14  Dmitry Dulepov  <>

	* Fixed bug #6208: zlib must be compiled in to make an extension lookup
	* Fixed bug #12322: cHash is generated when no parameters are given

2010-07-13  Francois Suter  <>

	* Fixed bug: #15054: Scheduler: BE module does not use new skin properly

2010-07-13  Jeff Segars  <>

	* Fixed bug #14775: Old table header styling in Extension Manager (Thanks to Ralf Büchner)
	* Fixed bug #15088: Using sprites breaks setting links to content elements (Thanks to Georg Ringer)

2010-07-13  Steffen Kamper  <>

	* Fixed bug #15097: Intro looks weird with module and no submodules (Thanks to Georg Ringer)
	* Fixed bug #15073: inlineJS creates superfluous markup (Thanks to Georg Ringer)
	* Fixed bug #15103: TS Errors are hardly readable (white on yellow) (Thanks to Georg Ringer)
	* Fixed bug #15098: TS Errors should be shown with flash messages (Thanks to Georg Ringer)
	* Fixed bug #14855: Big Buttons in Page Module miss padding (Thanks to Georg Ringer)

2010-07-13  Xavier Perseguers  <>

	* Fixed bug #15096: Missing icon for _recycler_ folders

2010-07-12  Steffen Kamper  <>

	* Fixed bug #15082: [openDocs] Exception is thrown if a record isn't found

2010-07-12  Dmitry Dulepov  <>

	* Fixed bug #1235: indexed search: garbage instead of cHash in the "path" link (thanks to Nikolas Hagelstein)

2010-07-11  Steffen Kamper  <>

	* Fixed bug #14970: ts browser condition results in error if browser is unknown (Thanks to Caspar Stuebs)

2010-07-11  Susanne Moog  <>

	* Fixed bug #14923: CleanUp: getIconImage is not replaced in Core (thanks to Steffen Ritter)
	* Follow-up to #15045: Trailing newlines after php closing tag. (Thanks to Nikolas Hagelstein)

2010-07-10  Stanislas Rolland  <>

	* Fixed bug #14896: ExtJS is not included when RTE is invoked by USER_INT frontend script

2010-07-09  Steffen Kamper  <>

	* Fixed bug #15061: Remove XCLASS from t3lib_utility_Http (Thanks to Georg Ringer)
	* Fixed bug #15055: Scheduler: Date picker is broken in add/edit form
	* Fixed bug #14988: TYPO3.Backend is assigned twice by ExtDirect and the viewport (Thanks to Stefan Galinski)
	* Fixed bug #15045: Trailing newlines after php closing tag. (Thanks to Nikolas Hagelstein)

2010-07-08  Susanne Moog  <>

	* Follow-up to #14719: Wrong code comment (QUICKSTART/FIRST_INSTALL) (thanks to Steffen Gebert)
	* Fixed bug #14813: Install Tool uses deprecated function t3lib_stdGraphic->imagecreate() (thanks to Stefan Galinski)

2010-07-08  Dmitry Dulepov  <>

	* Fixed bug #15049: "Fileextension" is not an English word

2010-07-07  Christian Kuhn  <>

	* Fixed bug #14968: Add unit tests for t3lib_div::validIP (Thanks to Nikolas Hagelstein and Felix Kopp)

2010-07-07  Susanne Moog  <>

	* Follow-up to #14845: No preview images with referenced files anymore (thanks to Stefan Galinski)

2010-07-06  Susanne Moog  <>

	* Fixed bug #14845: Bug: Filelist module reports "type" of files also for directories  (thanks to Caspar Stuebs and Andy Grunwald)

2010-07-06  Christian Kuhn  <>

	* Fixed bug #14984: Add example unit tests from T3DD10 unit testing workshop (Thanks to Oliver Klee)
	* Fixed bug #14885: No access to taskcenter (tasks) for non-admins (Thanks to Jigal van Hemert)
	* Fixed bug #14991: Missing fields in "showRecordFieldList" at the TCA for fe_users (Thanks to Frank Nägler)
	* Fixed bug #14972: Add unit tests for t3lib_div::removeArrayEntryByValue (Thanks to Thorben Kapp)
	* Fixed bug #14967: [Caching framework] fileBackend testcase removes files in /sbin
	* Fixed bug #14977: Add php cache frontend to t3lib/config_default.php (Thanks to Felix Oertel)

2010-07-06  Steffen Kamper  <>

	* Fixed bug #14960: [t3skin] apps-pagetree.css is redundant (Thanks to Felix Kopp)
	* Follow-up to #13379: Sprite Icon API (Thanks to Steffen Ritter)
	* Fixed bug #14980: Install tool causes PHP warnings if	typo3conf/ is not writeable

2010-07-05  Susanne Moog  <>

	* Follow-up to #14705: In BE login form labels: position of caps lock warning  (thanks to Steffen Gebert)
	* Fixed bug #14880: introduced type hinting in t3lib_iconWorks (thanks to Jigal van Hemert)
	* Fixed bug #14824: wrong icon in template analyzer (thanks to Georg Ringer)

2010-07-05  Steffen Kamper  <>

	* #12514: Installtool duplicates values of fields with defaultTypoScript_constants
	* Fixed bug #10958: Broken i18n_parent relation upon localizing records in workspace (Thanks to Tolleiv Nietsch)
	* Fixed bug #14907: Help Modules can not be disabled on a per user basis (Thanks to Georg Ringer)
	* Fixed bug #14957: Styling of record history (Thanks to Georg Ringer)

2010-07-04  Stanislas Rolland  <>

	* Fixed bug #14929: htmlArea RTE: Font Family and Font Size Dropdown boxes don't open
	* Fixed bug #14996: htmlArea RTE: Clicking in drop down boxes should mark text

2010-07-02  Christian Kuhn  <>

	* Fixed bug #14947: Missing closing div in db_new_content_el.php (Thanks to Georg Ringer)

2010-06-29  Ernesto Baschny  <>

	* Fixed bug #14810: Follow-up to bug #13670: Export module does not keep pagetree configuration (exports only the page tree) (Thanks to Thomas Juhnke)

2010-06-29  Stanislas Rolland  <>

	* Fixed bug #14905: htmlArea RTE: Image dialogue shows tab "Current picture" when there is no current image

2010-06-29  Steffen Kamper  <>

	* Follow-up to #14553: topFrameH configuration option doesn't work anymore

2010-06-28  Stanislas Rolland  <>

	* Fixed bug #14830: htmlArea RTE: Entering line breaks with Safari not possible

2010-06-27  Stanislas Rolland  <>

	* Fixed bug #14886: htmlArea RTE: Incorrect function scope when error is raised
	* Fixed bug #14887: htmlArea RTE: RTE may be started before style sheets are loaded

2010-06-26  Stanislas Rolland  <>

	* Fixed bug #14876: htmlArea RTE: SelectFont plugin may cause js error
	* Follow-up to bug #14793: htmlArea RTE: Problematic icons in IE6

2010-06-25  Steffen Kamper  <>

	* Fixed bug #14870: typo in parameter type causes php error (Thanks to Jigal van Hemert)
	* Fixed bug #14866: Quicktime audio format m4a isn't supported
	* Fixed bug #14847: Bug: Template Analyzer: Line numbers barely readable (Thanks to Andy Grunwald)
	* Fixed bug #14857: Reports Module: Wrong icon and a styling problem (Thanks to Georg Ringer)
	* Fixed bug #14834: About module need padding
	* Fixed bug #14844: Milliseconds on logout (Thanks to Georg Ringer)

Past Release Notes

If you have skipped one or more versions while upgrading to this version, please make sure to read the ReleaseNotes of these versions as well.