As part of the (Extended) Long Term Support of a TYPO3 version, the TYPO3 Association regularly publishes minor and security updates (patches). These fix functional errors and close security gaps. The latter should definitely be applied promptly.
To find out if there are any security patches at all, it is advisable to join the official TYPO3 Anouncement List:
Notes: Minor updates are usually harmless. Nevertheless, so-called breaking changes, i.e. non-downward compatible changes, are possible. Among other things, this can lead to extensions causing problems.
This article describes only the implementation of maintenance or security updates. These can be recognised by the 3rd digit of the version number. For version 9.5.25, this would be 25. If there are higher versions (26,27,28,...), it is recommended to carry out an update according to these instructions.
One speaks of breaking changescwhen the replacement or update of a module leads to the fact that the overall system no longer works, because usually the interface of this module has changed. So changes have to be made in other parts of the system, which are not covered by the update. In TYPO3, breaking changes are mostly changes to the database structure (tables and fields) or to function parameters that serve as an interface for other modules.
The TYPO3 developers strive to have made all breaking changes of a major release already before the release of the LTS version (ideally even with the "zero version", e.g. "11.0"). In rare cases - especially if unavoidable when closing a security gap - breaking chages may still occur in LTS updates.
TYPO3 security update with composer
The update with the composer goes as follows:
Log in to the web server with ssh and change to the installation directory.
Now execute the following command here:
composer update "typo3/cms-*" -W
Security update with the install tool
You can perform TYPO3 security updates yourself using the install tool (or as of version 9 as a maintenance user). The following prerequisites must exist for this (with "web server" here the application is meant, e.g. Apache):
the TYPO3 system runs under a Unix derivative or iOS
the typo3_src directory is a symbolic link with write permissions for the web server
the webserver has write permissions to the webroot directory (usually ". "typo3")
the directory above the webroot directory must also be writable
the tar command must be available and executable by the web server
By setting the environment variable "TYPO3_DISABLE_CORE_UPDATER=1" this update function can be disabled. This must be adjusted in the configuration of the web server (e.g. by setting it to "0").
Security update with TYPO3 Version 10
Log in to the TYPO3 backend as administrator.
Go to "Update TYPO3 Core" under "Admin Tools
Click on "Check for core updates
Click - if an update is available - on "Update now" (make backup before)
Be safe with us
You don't want to take care of it yourself? If you are looking for a service provider who takes care of the timely installation of security updates for you, you have come to the right place.
As a professional TYPO3 internet agency, we offer Service Level Agreements that include the automatic installation of security updates.