How to do a TYPO3 security update?

Last modified:

As part of the (Extended) Long Term Support of a TYPO3 version, the TYPO3 Association regularly publishes minor and security updates (patches). These fix functional errors and close security gaps. The latter should definitely be applied promptly.

 

To find out if there are any security patches at all, it is advisable to join the official TYPO3 Anouncement List:

http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

Notes: 
Minor updates are usually harmless. Nevertheless, so-called breaking changes, i.e. non-downward compatible changes, are possible. Among other things, this can lead to extensions causing problems.

This article describes only the implementation of maintenance or security updates. These can be recognised by the 3rd digit of the version number. For version 9.5.25, this would be 25. If there are higher versions (26,27,28,...), it is recommended to carry out an update according to these instructions.

General information on a TYPO3 update can be found here.


Requirements for a TYPO3 security update

You can carry out TYPO3 security updates yourself using the install tool (or from version 9 as a maintenance user). The following requirements must be met (the term "web server" here refers to the application, e.g. Apache):

  • The TYPO3 system runs under a Unix derivative or iOS
  • the directory typo3_src is a symbolic link with write permissions for the web server
  • the web server has write access to the webroot directory (usually ". "typo3")
  • the directory above the webroot directory must also be writable
  • The tar command must be available and executable by the web server.

By setting the environment variable "TYPO3_DISABLE_CORE_UPDATER=1", this update function can be deactivated. This must be adjusted in the configuration of the web server (e.g. by setting it to "0").


Security update in TYPO3 v8

Check and update your system as follows:

  1. Log in to the TYPO3 install manager (usually under <WEBSITE>/typo3/install)
  2. Click on the button "Check for core updates" under "Core Updates" (see below: Figure 1)
  3. If updates are available, they will now be listed. In image 2 below, "Update to security relevant released version 8.7.25 is available!" (Otherwise it would say "No regular update available!")
  4. After you have clicked on "Update now" (make a backup first!), the system is updated (see image 3.).

Video: Performing a security update in TYPO3 v9

Security update in TYPO3 version 10

The update in TYPO3 v10 is analogous to version 9, but the dialogues look slightly different:

 

 

Perform security update in TYPO3 version 10

Be safe with us

You don't want to take care of it yourself? If you are looking for a service provider who takes care of the timely installation of security updates for you, you have come to the right place.

 

As a professional TYPO3 internet agency, we offer Service Level Agreements that include the automatic installation of security updates.