Table of content
The TYPO3 v12 release cycle has been a hive of activity with our core developers and community contributors working tirelessly to bring promised features to life. We are proud to announce that TYPO3 version 12.3 is now feature-complete and we are focused on enhancing existing features and polishing the user interface. For agencies building production sites, we highly recommend leveraging all the new technologies and features of TYPO3 v12, especially for long-term projects. Check out the docs.typo3.org for more detailed technical insights on the exciting changes of this release.
Key Changes in TYPO3 Version 12.3
Outgoing Webhooks:
TYPO3 v12.1 introduced the Reactions feature that enabled integrators and administrators to configure TYPO3 to respond to incoming webhook calls. You can find that from new backend module System ➜ Webhooks. Now, with the introduction of the Outgoing Webhooks feature, the system can send event notifications to other systems through outgoing HTTP calls. Users can select an event from the predefined list of events and assign a name and target URL. In addition, users can add an optional description and generate a secret token to validate the data included in the request. Moreover, users can provide additional data in the payload and add HTTP headers to fine-tune the HTTP request.
Content Security Policy (CSP):
TYPO3 v12.3 offers the feature to configure Content Security Policies (CSP) conveniently for both the frontend and backend. CSP is an added security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. TYPO3 developers and integrators now have the option to provide policies that instruct browsers on how to deal with certain resources. For instance, a policy transmitted as an additional HTTP header to the client could instruct which externally hosted JavaScript or CSS files are legitimate. Malicious resources that an attacker possibly managed to inject into the system will be blocked, as they don’t match the CSP.
Default Security Headers for the Backend
In addition to the optional Content Security Policies outlined above, the TYPO3 backend now sends the following common HTTP security headers by default:
- Strict-Transport-Security: max-age=31536000
- X-Content-Type-Options: nosniff
- Referrer-Policy: strict-origin-when-cross-origin
Users can customize the default security headers by adding, overwriting, or removing entries in the global configuration to meet their individual requirements.
Element Browser
The backend module called "Filelist ➜ Files" has undergone significant improvements in recent sprint releases.TYPO3 version 12.1 introduced a tile view with larger thumbnail images and fewer details to provide a better overview of assets in a folder. Additionally, the drag and drop function has been expanded to work between the content area and file/folder tree. Another notable enhancement is the new process for creating folders through an intuitive modal window.
In an effort to create a more cohesive experience throughout the TYPO3 backend, the usage of the file list has been extended to the element browser. This is the built-in component that allows editors to connect a content element with assets from the file/folder list. Backend users who prefer the traditional list view of assets can easily switch between both visual modes. To enhance the user experience, the search function within the file browser now considers the currently selected folder and its subfolders.
Screenshots of the element browser in TYPO3 v12.2 and v12.3, with both list and tile views, are provided to illustrate these improvements.
Retention Period for Deleted Records
When backend users delete records like content elements or pages, TYPO3 designates them as deleted but does not immediately erase the corresponding data from the database. This feature enables users and administrators to recover deleted records using the backend module Web ➜ Recycler. However, retaining deleted records in the database indefinitely is not desirable. In such scenarios, the system extension “TYPO3 CMS Lowlevel” and its CLI command “cleanup:deletedrecords” have been useful.
In TYPO3 version 12.3, we introduced a new option called “--min-age” to the function, which enables administrators to specify a minimum age. By using this option, the command only deletes entries marked as deleted at least x days ago.
This seemingly minor modification can have a significant business impact. With this option, the clean-up process can be executed frequently to meet data retention policies.
Extbase Changes - Magic Methods and Reflection Now Supports Union Types
TYPO3 developers should take note of two important changes that have been made to the programming framework “Extbase”. Firstly, the widely-used "magic methods" that allowed developers to retrieve data from repository classes by calling a function have been replaced with a new set of methods: findBy(), findOneBy(), and count(). While magic methods were convenient, they presented problems for integrated development environments (IDEs), which can't resolve their names, and for static code analysis, which fails to analyze them effectively. The new methods provide the same functionality as magic methods but avoid these issues and allow for multiple comparisons. Developers have been given a long deprecation period to migrate their code to the new methods, with the old methods marked as deprecated in TYPO3 v12 but still available in v12 and v13.
Secondly, Extbase has added support for union types in entity properties in reflection. Since PHP version 8.0, developers have been able to declare multiple types of properties, arguments, and return types using union types, which can replace any @var, @param, and @return declaration in PHPDoc comments. Extbase now detects and supports union type declarations, allowing for better analysis and code generation. More information about these changes can be found in the relevant changelog.
TypoScript and Page TSconfig
The TYPO3 Core Team has invested significant effort in revamping the TypoScript and Page TSconfig functionalities, resulting in a new TypoScript syntax parser that boasts impressive speed, robustness, and logic. However, some syntax changes may cause your TYPO3 site to break when updating to v12. While most sites will continue to function, the changelog contains thorough documentation of migration steps for edge cases. Overall, TYPO3 installations will benefit significantly from these substantial improvements.
Backend UI changes related to TypoScript have been visible in previous v12 sprint releases. The frontend-related TypoScript functions are now located in the Site Management ➜ TypoScript module (previously Web ➜ Template). Integrators should familiarize themselves with the module's submodules, such as
- Edit TypoScript Record (previously known as “Info / Modify”)
- Active TypoScript (previously known as the “TypoScript Object Browser”)
- Included TypoScript (previously known as the “Template Analyzer”).
The second new module in this area is Site Management ➜ Page TSconfig (previously Web ➜ Info ➜ Page TsConfig). The new location and appearance of the Page TSconfig module, streamlined with the TypoScript module, help integrators and site administrators manage, review, and debug the backend UI and its behavior.
Feature Freeze/Complete
Following the release of TYPO3 version 12.3, the feature freeze for the v12 cycle has been put in place. This implies that no new features will be added until the long-term support (LTS) release in April 2023. The focus now shifts to testing, refining, and polishing the source code and user interface. However, some exceptions allow for the completion or improvement of recently added features.
Extension developers are encouraged to review the changes and enhancements made in all TYPO3 v12 sprint releases. This marks the last release before TYPO3 v12 LTS, and extension developers are advised to update their code base to support TYPO3 v12.
To maximize the adoption rate of the upcoming TYPO3 v12 LTS release, it is essential that more extensions are compatible with TYPO3 v12. Therefore, publishing a compatible extension before the release will significantly contribute to the community's acceptance and installation of the LTS release.
TYPO3 integrators are eager to learn more about the benefits of the new release. By taking advantage of the improvements, you can update your existing TYPO3 sites to v12.
System Requirements
Regarding system requirements, TYPO3 version 12.3 retains the same specifications as previously stated in the article “Get Ready for TYPO3 v12,” which includes PHP version 8.1. The support and maintenance guarantee also remains unchanged, and further information about the requirements and dependencies can be found on get.typo3.org.
Download and Installation
Instructions for downloading and installing TYPO3, as well as detailed installation guidelines, can be found on get.typo3.org. We recommend utilizing Composer to set up your TYPO3 environment.
Conclusion
In this blog we have referred everything about the latest TYPO3 v12.3 It’s key features and and what it is all about, Now is the best time to upgrade your TYPO3 Store to the latest features. You can also avail our TYPO3 Upgrade service to keep your store up to date.
Furthermore, the security improvisation itself ensures to keep global policies into consideration making it easier for organizations to comply with them. You can also visit the TYPO3 website to know more.
Contact for SMEs, government organizations and BITV 2.0
Stefan Reinhardt
Service Partner - Germany
Comments and Responses
Comments :