All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh

TYPO3 6.0.12

From TYPO3Wiki
Jump to: navigation, search

∫ << Back to Administrators page


Release Notes for TYPO3 CMS 6.0.12

This document contains information about TYPO3 CMS 6.0.12 which was released on December 10th, 2013.


This release is a security release.


Due to security issues found in the TYPO3 Core, there was a combined release of TYPO3 4.5.32, 4.7.17, 6.0.12 and 6.1.7.
Find more details in the security bulletin:


MD5 checksums

07c789c3986778fc5a6d10d71c2ee093  blankpackage-6.0.12.tar.gz
da0b1a03940f0f968cab4d63a0cdfae6  dummy-6.0.12.tar.gz
8238e4af63bfbca34d43193065604d34  typo3_src-6.0.12.tar.gz


The usual upgrading procedure applies. No database updates are necessary.


Here is a list of what was fixed since 6.0.11:

  • [RELEASE] Release of TYPO3 6.0.12
  • [SECURITY] XSS in header link of all content elements (#31206)
  • [SECURITY] XSS in colorpicker wizard (#42772)
  • [SECURITY] Prevent editor controlled hmac content (#45043)
  • [SECURITY] XSS in backend user adminstration (#48691)
  • [SECURITY] Information Disclosure in Wizards (#41714)
  • [SECURITY] Fix open redirection in openid extension (#54099)
  • [SECURITY] allows to set arbitrary fields (#48187)
  • [SECURITY] XSS in be_layout wizard (#36768)
  • [SECURITY] XSS in beuser VH (#47086)
  • [SECURITY] Remove possible XSS from ActionController Error output (#54074)
  • [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (#54073)
  • [BUGFIX] ClientUtility does not detect Internet Explorer 11 (#54124)
  • [BUGFIX] Add missing namespacing for calling GeneralUtility (#54117)
  • [BUGFIX] ext:adodb Restrict connection wizard to admins (#42651)
  • [TASK] Set TYPO3 version to 6.0.12-dev

Past Release Notes

If you have skipped one or more versions while upgrading to this version, please make sure to read the ReleaseNotes of these versions as well.