As part of the (Extended) Long Term Support of a TYPO3 version, the TYPO3 Association regularly publishes minor and security updates (patches). These fix functional errors and close security gaps. The latter should definitely be applied promptly.
To find out if there are any security patches at all, it is advisable to join the official TYPO3 Anouncement List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
Notes:
Minor updates are usually harmless. Nevertheless, so-called breaking changes, i.e. non-downward compatible changes, are possible. Among other things, this can lead to extensions causing problems.
This article describes only the implementation of maintenance or security updates. These can be recognised by the 3rd digit of the version number. For version 9.5.25, this would be 25. If there are higher versions (26,27,28,...), it is recommended to carry out an update according to these instructions.
General information on a TYPO3 update can be found here.
You can carry out TYPO3 security updates yourself using the install tool (or from version 9 as a maintenance user). The following requirements must be met (the term "web server" here refers to the application, e.g. Apache):
By setting the environment variable "TYPO3_DISABLE_CORE_UPDATER=1", this update function can be deactivated. This must be adjusted in the configuration of the web server (e.g. by setting it to "0").
Check and update your system as follows:
The update in TYPO3 v10 is analogous to version 9, but the dialogues look slightly different:
You don't want to take care of it yourself? If you are looking for a service provider who takes care of the timely installation of security updates for you, you have come to the right place.
As a professional TYPO3 internet agency, we offer Service Level Agreements that include the automatic installation of security updates.