With this patch, the page link (requesting a dedicated
paginated page) in the redirects module bottom pagination
is now working again. This is done by selecting all pagination
forms and adding the submit event to them.

Resolves: #94661
Releases: 10.4
Change-Id: I484aacb1f92d95c296a95a594602935551086aff
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74975


Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Releases: main, 11.5, 10.4
Resolves: #97867
Change-Id: I5948ff1ab539d6f90da9034fdd05c104ea344c25
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75057


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Use new Symfony TypoScript condition syntax instead
of outdated syntax.

Releases: main,11.5,10.4
Resolves: #97847
Change-Id: Ib0711c2ed871762415b022159a3c6c4b5e688a10
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75054


Tested-by: core-ci <typo3@b13.com>
Tested-by: Björn Jacob <bjoern.jacob@tritum.de>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Björn Jacob <bjoern.jacob@tritum.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

When changing values in the form editor inspector, their header
content is updated and overridden - as a result the corresponding
type icon in the header suddenly disappears.

Resolves: #97841
Releases: main, 11.5, 10.4
Change-Id: I18bbd668a16a5b350a14cfa565fb5b96ab205fe8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75011


Tested-by: core-ci <typo3@b13.com>
Tested-by: waldhacker <hello@waldhacker.dev>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: waldhacker <hello@waldhacker.dev>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

With #96478, the default value for overridden finisher options in
FormEngine was set to the translated label "[Empty]" in case the
finisher option was empty. Since applying labels to values does not
really make sense here, the original option value is now set as default
value in FormEngine, ignoring the generated label.

Resolves: #97781
Resolves: #97557
Resolves: #96830
Related: #96478
Releases: 10.4
Change-Id: Ice236994485374a3e5399926df901da15cb8d991
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74999


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

config.typolinkLinkAccessRestrictedPages_addParams works only with
redirectMode getpost.

Releases: main, 11.5, 10.4
Resolves: #97370
Change-Id: I43fc29558eb1d282b4f5939fa115f5350cbede38
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74940


Tested-by: Lina Wolf <112@linawolf.de>
Reviewed-by: Lina Wolf <112@linawolf.de>
(cherry picked from commit 37af7558)
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74941

The search results page currently may show the "pages"
indicator in the title when there are no page numbers
to show. This patch changes it to only show pagination
information if there is information to show.

Resolves: #96796
Releases: main, 11.5, 10.4
Change-Id: I8c1600a7eb732ed018c22bc02b0e689eb39a081c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74939


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Add changelog entry to https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 - Restrict export functionality to allowed users

Resolves: #97771
Releases: main, 11.5, 10.4
Change-Id: I98252b73aa5b14a8cfe5d26559711123e17ced15
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74977


Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>

The maintainers of the package guzzlehttp/guzzle released a new version
6.5.8 that fixes two security issues:

* CURLOPT_HTTPAUTH option not cleared on change of origin [1]
* Change in port should be considered a change in origin [2]

Executed commands:

    composer require \
        guzzlehttp/guzzle:^6.5.8 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^6.5.8 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

Resolves: #97802
Releases: main, 11.5, 10.4
Change-Id: Ia49f75f8ed078beb43ba42f89efdd8e68ee146c5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74973


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The patch for issue #97144 explicitly set a white background
for all modules to improve scroll performance. It introduced
a regression, changing EXT:dashboard's background from light
gray to white as well.

This patch resolves the regression by applying the gray
background to the new element.

Resolves: #97713
Related: #97144
Releases: 10.4
Change-Id: I411b817a7d020a144c43d4382574c7a5d21e554e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74921


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

This patch adjustes invalid namespaces uses in some files
to ensure PSR-4 loading compatibility.

Resolves: #97793
Releases: main, 11.5, 10.4
Change-Id: Ib8e0a1fd2b0c6493a7cda9d4360abec90b80ade4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74956


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Guard invalid argument type exception by using null coalescing operator
in `\TYPO3\CMS\Form\Domain\Finishers\FinisherVariableProvider`.

Resolves: #97699
Releases: main, 11.5, 10.4
Change-Id: I6312fb35d52857004e0467a20e215fc4095e0037
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74932


Reviewed-by: Stephan Großberndt <stephan.grossberndt@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Change-Id: Id7f3beef270899625236c25be8db45719086af1c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74915


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I71f6551f6c250f9dde3155b069de4d5cf78e357b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74914


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The security fix TYPO3-CORE-SA-2022-005 introduced a synchronization
of backend user and admin tool sessions - without considering these
two documented aspects:

+ If no system maintainer is set up, then all administrators are
  assigned the system maintainer role.
+ In Development context, all administrators are system maintainers
  as well.

Resolves: #97768
Releases: main, 11.5, 10.4
Change-Id: I81dbfc5d07a41a4fa254e1fb50210c74f5e6f02c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74912


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I989daf592c9a350a54dbe26f138e614781ef7541
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74907


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I128659dc3c5e6370bdc6bc62154358029fb3d11c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74906


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Admin tools sessions are revoked in case the initiatin backend user
does not have admin or system maintainer privileges anymore. Besides
that, revoking backend user interface sessions now also revokes access
to admin tools. Standalone install tool is not affected.

Resolves: #92019
Releases: main, 11.5, 10.4
Change-Id: I367098abd632fa34caa59e4e165f5ab1916894c5
Security-Bulletin: TYPO3-CORE-SA-2022-005
Security-References: CVE-2022-31050
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74896


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The `receiverName` variable used in the password recovery mail of the
Extbase felogin plugin was susceptible to HTML injection due to
missing sanitization. The variable is now passed thru the
`f:format.htmlspecialchars` ViewHelper.

Resolves: #96559
Releases: main, 11.5, 10.4
Change-Id: I60e23c161f7f2fcc87b8870345b10a4c31d7b8db
Security-Bulletin: TYPO3-CORE-SA-2022-004
Security-References: CVE-2022-31049
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74895


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Multivalue items in the form editor user interface were previewed
as HTML, but should be treated as scalar text only.

Resolves: #96743
Releases: main, 11.5, 10.4
Change-Id: I5e8dab26119490ecf19ac5d48c2bc7a5a00daaad
Security-Bulletin: TYPO3-CORE-SA-2022-003
Security-References: CVE-2022-31048
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74894


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

When a TYPO3 exception is handled through registered exception
handlers, log writers may log sensitive information to logs,
since the full stacktrace is logged.

With this change, exception handlers that extend
AbstractExceptionHandler except DebugExceptionHandler will
by default not include the exception object any more and
thereby not log the full stacktrace.

Resolves: #96866
Releases: main, 11.5, 10.4
Change-Id: Iaf233eefc9a1a60334a47753baf457e8282e68c0
Security-Bulletin: TYPO3-CORE-SA-2022-002
Security-References: CVE-2022-31047
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74893


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The import functionality of the import/export module is already
restricted to admin users or users, who explicitly have access through
the user TSConfig setting "options.impexp.enableImportForNonAdminUser".

The export functionality has the following security drawbacks:

* Export for editors is not limited on field level
* The "Save to filename" functionality saves to a shared folder, which
  other editors with different access rights may have access to.

Both issues are not easy to resolve and also the target audience for
the Import/Export functionality are mainly TYPO3 admins.

Therefore, now also the export functionality is restricted to TYPO3
admin users and to users, who explicitly have access through the new
user TSConfig setting "options.impexp.enableExportForNonAdminUser".

Additionally, the contents of the temporary "importexport" folder in
file storages is now only visible to users who have access to the
export functionality.

In general,...

Some default fields (e.g. tt_content.bodytext) can contain null values.
TYPO3 first fetches the data in the default language and then overlays
the rows data with the translation values. The overlay method inspects
each array item with the php isset() function. This validates not only
the existence of the array key, but also the values. null and
false values evaluated as false. Empty strings evaluate as true.
This leads to inconsistent output in the frontend.

The overlay now valides only the array key existence and applies also
empty values.

Resolves: #97616
Releases: main, 11.5, 10.4
Change-Id: I4b01c52e9ac7adde786b3395bce870bc0a354b58
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74837


Tested-by: André Buchmann <andy.schliesser@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: André Buchmann <andy.schliesser@gmail.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni...

The package guzzlehttp/guzzle has been updated to version 7.4.4
and 6.5.7 which both fix the security issues [1] and [2]. Since
TYPO3 is not affected by the issues by default, this is handled
as a public bugfix.

3rd party extensions may however be affected by the vulnerabilities
if `Authorization` or `Cookie` headers are used.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^6.5.7 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^6.5.7 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Resolves: #97759
Releases: main, 11.5, 10.4
Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74879


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo...>

This change adds the ability to clean rendered documentation
folder and files in all system extension folders in one go.
Mentioned folders are `typo3/sysext/*/Documentation-GENERATED-temp`.

Added command/testsuite:

* `Build/Scripts/runTests.sh -s cleanRenderedDocumentation`

Additionally the already combined cleaning command `-s clean`
is extended to delete rendered documentation in the same run.

Resolves: #97673
Releases: main, 11.5, 10.4
Change-Id: I344f897769cd5f475d43db67dd1b27693f49a658
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74842


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

A dialog trying to prevent overriding existing files in the filelist
module shows an incorrect modification date of files that are existing
on the server-side. When using regular unix timestamps (instead of
micro-timestamps), dedicated `moment.unix` function has to be used.

Resolves: #97724
Releases: main, 11.5, 10.4
Change-Id: Ieb5a00aaf87410e9721e39d91b9e0da13a109bc6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74816


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The "page" and "pages" translation keys are backwards.
This patch makes them forwards.

Resolves: #96795
Releases: main, 11.5
Change-Id: I3dde22d5a6f9ae7c62fe8c60156d6131f676a11c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74833


Tested-by: core-ci <typo3@b13.com>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

This is now covered by the annotations using generics in the testing
framework base class, and hence not needed anymore.

(Removing it also helps get consistent behavior from PhpStorm's
static type analysis.)

Resolves: #97736
Releases: main, 11.5, 10.4
Change-Id: Ia7d7e790bb92eaf1c9b7ffa4f9d97b2b0a50dee3
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74769


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Stefan Bürk <stefan@buerk.tech>

+ npm package moment up to v2.29.2 contained a vulnerability
  (https://github.com/advisories/GHSA-8hfj-j24r-96c4) which only
  affected npm server users - in order to avoid confusion concerning
  security aspects, the package version is raised
+ npm package moment-timezone was upgraded to recent timezone data
  "IANA TZDB 2021"

Executed commands:

cd Build; \
  nvm use; \
  yarn upgrade moment moment-timezone; \
  yarn exec grunt clear-build; \
  yarn exec grunt build

Resolves: #97723
Releases: main, 11.5, 10.4
Change-Id: I84ea9ca6b696d74aab70cfa45e6d41a95ae0159d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74804


Tested-by: core-ci <typo3@b13.com>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Update copyright year to 2022

Resolves: #97704
Releases: main, 11.5, 10.4
Change-Id: I15e6c0674ac293eecad88f95379ec33679dda8d4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74759


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The package guzzlehttp/guzzle has been updated to 7.4.3 and 6.5.6
respectively, both fixing a security vulnerability related to
cross-domain cookie leakage [1]. Since TYPO3 is not affected by
this issue by default, this is handled as a public bugfix.

However, 3rd party code (e.g. thru extensions) may be affected by this
issue, as long `'cookies' => true` is used in requests done by Guzzle.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^6.5.6 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^6.5.6 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Resolves: #97694
Releases: main, 11.5, 10.4
Change-Id: I39071c917c7ed26392f66b0ea2f774ecbceead9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74772


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@s...>

The note about jumping to a previous version of the
page is obsolete, because you can switch no further
than version 8.7 with the version selector and the
older version is in v7.6.

In any case, if someone needs the information for
version 7.6 and below they must use other means
anyway (e.g. use Git repository and render locally)
since these older versions are no longer rendered
on docs.typo3.og.

Resolves: #97632
Releases: main, 11.5, 10.4
Change-Id: Iedbb482c4086ed4740410acc3c6e82f47607ec52
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74686


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Use the correct middleware name 'typo3/cms-frontend/authentication' in
the changelog instead of referring to a non-existing name.

Releases: main, 11.5, 10.4
Resolves: #97660
Change-Id: I5ebb586689f3173e1cc2a06049fd4b4d40430972
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74694


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Brings a multibyte fix when dealing with word-based
diffs, which is our default usage.

composer req lolli42/finediff:^1.0.1

Resolves: #97611
Releases: main, 11.5, 10.4
Change-Id: I601842ed75917f9a6d438191273e602238d3edda
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74607


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Change-Id: I308c3851b4aeb0422acb4bf03c3285928cdd5e99
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74595


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Change-Id: I5ebedca1cf34181ad228aa833aaa651a46aebec7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74594


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Avoid a postgresql error when previewing a page from the backend which
has an access protection by a fe_group due to PreviewSimulator faking
a fe_user with uid PHP_INT_MAX and sql failure to update the is_online
status of this fake user in PostgreSQL as column fe_users.uid is of type
integer and thus has max value of 2147483647 instead of PHP_INT_MAX.

Releases: main, 11.5, 10.4
Resolves: #97564
Change-Id: I16c866c368a9b3f5ac6bdfacf2c6660a7046df5a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74552


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Latest docker:20.10-dind (currently 20.10.15)
triggers an error on CI:

Error response from daemon: failed to create shim task: OCI
runtime create failed: runc create failed: unable to start
container process: unable to apply cgroup configuration:
mkdir /sys/fs/cgroup/rdma/docker: permission denied: unknown

The image is the 'sub-container' in CI on runner hosts,
that runs all the test images like the php and database
images.

This error *may* have to do with sysbox, which is a security
layer on runner hosts to separate CI jobs from each other.
We however currently don't know exactly what is going on.

For the time being, we pin the dind image to its previous
verion docker:20.10.14-dind

Change-Id: Ie59be69680e1f444c115f2249ca8709bbfdd1e3e
Releases: main, 11.5, 10.4
Resolves: #97570
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74543


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Scrolling the list module with 100 entries causes framerate
to drop below 15fps on low DPI devices in Google Chrome
with subpixel font rendering enabled, which is the default
for low DPI (=non HiDPI/retina) devices on Linux and MacOS.

Without this fix Google Chrome rerenders the entire module
contents on every scroll step in order to perform full
subpixel rendering (for a possibly changing/changed
background), as Chrome only promots scrolling layers to
composited (fast!) layers when the background is opaque [1].
Large tables amplify this issue as the entire table –
not just the visible content – needs to be (re)drawn in
order to calculate the expensive table layout.

An explicit background color preserves subpixel
font rendering capabilities while allowing the browser
to avoid expensive redraws as the scrolling layer is
promoted to a separate, opaque composition layer.
Other possible workarounds like `transform: translateZ(0)`
or `will-change: transform` would degrade font quality [2],
as Chrome would disable subpixel rendering in that case.

This issue has been already been implicitly fixed in TYPO3 v11
as #93489 moved the scroll layer from .module-body to .module,
where an explicit background color is present.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=381840#c51
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=597678#c3

Releases: 10.4
Resolves: #97144
Related: #93489
Change-Id: I63ce557169a3b8683430e3cdca746abb4c5ce60a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74528


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>

Currently acceptance tests do not work on arm64 (Apple M1)
due to the lack of support in the selenium docker image.

This has been fixed by detecting arm64 and switch to
arm64 compatible image (seleniarm/standalone-chromium).

Resolves: #97541
Releases: main, 11.5, 10.4
Change-Id: I531e7e1d7f0f11a1c6d850699eee3b4a9aa3e5d0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74513


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>