- Jul 29, 2022
-
-
Oliver Hader authored
A serialization issue has been fixed in symfony/mime 4.4.16 / 5.1.8 which has to be used as minimum version. https://github.com/symfony/symfony/commit/fd99eb26d893390b45c214f4884fea090f1c1178 Resolves: #98052 Releases: 10.4 Change-Id: Ie444aee39685b2f72fc77171fa56040db6a7cf7c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75330 Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jul 28, 2022
-
-
Ralf Zimmermann authored
In preparation for patchset https://review.typo3.org/c/Packages/TYPO3.CMS/+/70460/, functional tests are introduced to test the caching behavior of EXT:form. Resolves: #97049 Related: #93887 Releases: main, 11.5, 10.4 Change-Id: Ief1c8d90371d6003512f88a064c2d82e51502590 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75326 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- Jul 26, 2022
-
-
Christian Kuhn authored
Casual raise of v6 typo3/testing-framework.

> composer req --dev mikey179/vfsstream:^1.6.11
> composer req --dev typo3/testing-framework:^6.16.6

Change-Id: I4761948bd8827ab4638f280d5b69403d300afcb1 Resolves: #98026 Releases: main, 11.5, 10.4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75294 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
- Jul 24, 2022
-
-
Christian Kuhn authored
The issue has been resolved in sysbox, we don't need the patch level pin anymore. Resolves: #98015 Related: #97570 Releases: main, 11.5, 10.4 Change-Id: I1a2080ec3e8609350c9975bad8f65e69513d5f48 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75222 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jul 15, 2022
-
-
Christian Kuhn authored
Creating a version overlay of a record that has flexform sections and moving or deleting some of these sections at the same time fails in DataHandler due to a wrong uid lookup for the section command array. The patch fixes this scenario in the DataHandler flexform processing code and leaves an according explanation comment. Note this v10 backport contains the fix only and skips the functional tests that have been added with main. Resolves: #73761 Releases: main, 11.5, 10.4 Change-Id: Ib1c910c59a2ebfe9b7545cabb258f44bac2cd273 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75195 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
- Jul 14, 2022
-
-
linawolf authored
The reference "Inside TYPO3" is not available anymore since TYPO3 8.7. The sentences are quite useless anyway. Releases: main, 11.5, 10.4 Resolves: #97913 Change-Id: I2d496726db8b22de667d230a99f7d17341fd309d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75157 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Sybille Peters <sypets@gmx.de> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Sybille Peters <sypets@gmx.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75182
-
Oliver Bartsch authored
In case GU::createVersionNumberedFilename() receives a file with an absolute path, no back path should be resolved since the resolved path will always be invalid, which led to no version number being added to the filename anymore. This is now fixed by checking for the path being absolute. Resolves: #97939 Releases: main, 11.5, 10.4 Change-Id: I5bb0150fa27b8c9c1af2aa99bd8baacd55889245 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75142 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de>
-
- Jul 13, 2022
-
-
Stefan Bürk authored
Docblock annotations with more than one space between a wildcard character `*` and the annotation start character `@` were not found. Additionally, annotation identifiers did not recognize hyphens as valid identifier character, thus cutting off e.g. phpstan annotations.

This patch now properly finds annotations with multi-space separations and annotation identifiers containing hyphens. Additionally, two phpstan specific annotations are allowed.

> https://phpstan.org/writing-php-code/phpdoc-types#local-type-aliases

Summarized contained tasks:

> find multi-space separated annotations e.g. `* @<AnnotationIdentifier>`
> properly extract full annotation identifier containing hyphens e.g. `* @annoation-identifier-with-hyphen`
> add `@phpstan-type` and `@phpstan-import-type` as allowed annotation, but only on class level, and not on class-property or class-method level

Resolves: #97917 Resolves: #97918 Resolves: #97919 Releases: main, 11.5, 10.4 Change-Id: Iab69ffd87d407088f1237168e19b67a8dc846c8f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75138 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jul 12, 2022
-
-
Oliver Hader authored
Change-Id: Ib693cdbcba4ebf4a3b68387ed963e5e9ff23c204 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75119 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
Change-Id: I33b054bd03a7c1661fa05e09bb22e7f58cf1fa3e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75118 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Frank Naegler authored
Since TYPO3 version 10.4, the custom page type is not restricted to any range of numbers. This limitation no longer exists, and any number is allowed. The ElementBrowserPageTreeView now also respects this and allows linking to any other doktype besides:

- PageRepository::DOKTYPE_RECYCLER
- PageRepository::DOKTYPE_SYSFOLDER

Resolves: #97626 Releases: main, 11.5, 10.4 Change-Id: Iffc3f705f74cc7516464fdb00adb456141657948 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75133 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Jul 10, 2022
-
-
linawolf authored
Releases: main, 11.5, 10.4 Resolves: #97885 Change-Id: Ib274d3d85f1311f100afe8e12167ebc6eaab21db Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75066 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jul 08, 2022
-
-
dsteinborn authored
"msclkid" is the Click ID parameter of Microsoft / Bing which should be excluded from cHash generation. Resolves: #97870 Releases: main, 11.5, 10.4 Change-Id: I9c625e559cb2c7cf031466730ea4eab2e376f9ff Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75064 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Benni Mack <benni@typo3.org>
-
Oliver Hader authored
Escaping SQL `LIKE` wildcards is only provided via `QueryBuilder::escapeLikeWildcards()`, but would be useful as `Connection::escapeLikeWildcards()` as well (without having the demand to create another `QueryBuilder` instance).

With this patch, both methods are available:

* `QueryBuilder::escapeLikeWildcards()`, and
* `Connection::escapeLikeWildcards()`

Resolves: #97878 Releases: main, 11.5, 10.4 Change-Id: Ia8968dee944300949c6bb2be5b15e2d02a589d25 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75061 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
- Jul 07, 2022
-
-
Simon Schaufelberger authored
With this patch, the page link (requesting a dedicated paginated page) in the redirects module bottom pagination is now working again. This is done by selecting all pagination forms and adding the submit event to them. Resolves: #94661 Releases: 10.4 Change-Id: I484aacb1f92d95c296a95a594602935551086aff Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74975 Tested-by:
Simon Schaufelberger <simonschaufi+typo3@gmail.com> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Simon Schaufelberger <simonschaufi+typo3@gmail.com> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
Lina Wolf authored
Releases: main, 11.5, 10.4 Resolves: #97867 Change-Id: I5948ff1ab539d6f90da9034fdd05c104ea344c25 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75057 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jul 06, 2022
-
-
Florian Rival authored
Use new Symfony TypoScript condition syntax instead of outdated syntax. Releases: main,11.5,10.4 Resolves: #97847 Change-Id: Ib0711c2ed871762415b022159a3c6c4b5e688a10 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75054 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Björn Jacob <bjoern.jacob@tritum.de> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
Björn Jacob <bjoern.jacob@tritum.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Jul 02, 2022
-
-
Oliver Hader authored
When changing values in the form editor inspector, their header content is updated and overridden - as a result the corresponding type icon in the header suddenly disappears. Resolves: #97841 Releases: main, 11.5, 10.4 Change-Id: I18bbd668a16a5b350a14cfa565fb5b96ab205fe8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75011 Tested-by:
core-ci <typo3@b13.com> Tested-by:
waldhacker <hello@waldhacker.dev> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
waldhacker <hello@waldhacker.dev> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- Jun 30, 2022
-
-
Elias Häußler authored
With #96478, the default value for overridden finisher options in FormEngine was set to the translated label "[Empty]" in case the finisher option was empty. Since applying labels to values does not really make sense here, the original option value is now set as default value in FormEngine, ignoring the generated label. Resolves: #97781 Resolves: #97557 Resolves: #96830 Related: #96478 Releases: 10.4 Change-Id: Ice236994485374a3e5399926df901da15cb8d991 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74999 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- Jun 28, 2022
-
-
agendartobias authored
config.typolinkLinkAccessRestrictedPages_addParams works only with redirectMode getpost. Releases: main, 11.5, 10.4 Resolves: #97370 Change-Id: I43fc29558eb1d282b4f5939fa115f5350cbede38 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74940 Tested-by:
Lina Wolf <112@linawolf.de> Reviewed-by:
Lina Wolf <112@linawolf.de> (cherry picked from commit 37af7558) Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74941
-
- Jun 27, 2022
-
-
Larry Garfield authored
The search results page currently may show the "pages" indicator in the title when there are no page numbers to show. This patch changes it to only show pagination information if there is information to show. Resolves: #96796 Releases: main, 11.5, 10.4 Change-Id: I8c1600a7eb732ed018c22bc02b0e689eb39a081c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74939 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jun 23, 2022
-
-
linawolf authored
Add changelog entry to https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 - Restrict export functionality to allowed users Resolves: #97771 Releases: main, 11.5, 10.4 Change-Id: I98252b73aa5b14a8cfe5d26559711123e17ced15 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74977 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Nikita Hovratov <nikita.h@live.de> Reviewed-by:
Nikita Hovratov <nikita.h@live.de>
-
- Jun 22, 2022
-
-
Andreas Fernandez authored
The maintainers of the package guzzlehttp/guzzle released a new version 6.5.8 that fixes two security issues:

* CURLOPT_HTTPAUTH option not cleared on change of origin [1]
* Change in port should be considered a change in origin [2]

Executed commands:

    composer require \
      guzzlehttp/guzzle:^6.5.8 \
      -W

    composer require \
      -d typo3/sysext/core \
      guzzlehttp/guzzle:^6.5.8 \
      --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

Resolves: #97802 Releases: main, 11.5, 10.4 Change-Id: Ia49f75f8ed078beb43ba42f89efdd8e68ee146c5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74973 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
- Jun 19, 2022
-
-
Robert Kärner authored
The patch for issue #97144 explicitly set a white background for all modules to improve scroll performance. It introduced a regression, changing EXT:dashboard's background from light gray to white as well. This patch resolves the regression by applying the gray background to the new element. Resolves: #97713 Related: #97144 Releases: 10.4 Change-Id: I411b817a7d020a144c43d4382574c7a5d21e554e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74921 Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
Stefan Bürk authored
This patch adjusts invalid namespace uses in some files to ensure PSR-4 loading compatibility. Resolves: #97793 Releases: main, 11.5, 10.4 Change-Id: Ib8e0a1fd2b0c6493a7cda9d4360abec90b80ade4 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74956 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Reviewed-by:
Christian Kuhn <lolli@schwarzbu.ch>
-
- Jun 15, 2022
-
-
Josua Vogel authored
Guard invalid argument type exception by using null coalescing operator in `\TYPO3\CMS\Form\Domain\Finishers\FinisherVariableProvider`. Resolves: #97699 Releases: main, 11.5, 10.4 Change-Id: I6312fb35d52857004e0467a20e215fc4095e0037 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74932 Reviewed-by:
Stephan Großberndt <stephan.grossberndt@typo3.org> Reviewed-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Tested-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-
Oliver Hader authored
Change-Id: Id7f3beef270899625236c25be8db45719086af1c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74915 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
Change-Id: I71f6551f6c250f9dde3155b069de4d5cf78e357b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74914 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
The security fix TYPO3-CORE-SA-2022-005 introduced a synchronization of backend user and admin tool sessions - without considering these two documented aspects:

+ If no system maintainer is set up, then all administrators are assigned the system maintainer role.
+ In Development context, all administrators are system maintainers as well.

Resolves: #97768 Releases: main, 11.5, 10.4 Change-Id: I81dbfc5d07a41a4fa254e1fb50210c74f5e6f02c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74912 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Susanne Moog <look@susi.dev> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- Jun 14, 2022
-
-
Oliver Hader authored
Change-Id: I989daf592c9a350a54dbe26f138e614781ef7541 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74907 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
Change-Id: I128659dc3c5e6370bdc6bc62154358029fb3d11c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74906 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Oliver Hader authored
Admin tools sessions are revoked in case the initiating backend user does not have admin or system maintainer privileges anymore. Besides that, revoking backend user interface sessions now also revokes access to admin tools. Standalone install tool is not affected. Resolves: #92019 Releases: main, 11.5, 10.4 Change-Id: I367098abd632fa34caa59e4e165f5ab1916894c5 Security-Bulletin: TYPO3-CORE-SA-2022-005 Security-References: CVE-2022-31050 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74896 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Andreas Fernandez authored
The `receiverName` variable used in the password recovery mail of the Extbase felogin plugin was susceptible to HTML injection due to missing sanitization. The variable is now passed thru the `f:format.htmlspecialchars` ViewHelper. Resolves: #96559 Releases: main, 11.5, 10.4 Change-Id: I60e23c161f7f2fcc87b8870345b10a4c31d7b8db Security-Bulletin: TYPO3-CORE-SA-2022-004 Security-References: CVE-2022-31049 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74895 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Gabe Troyan authored
Multivalue items in the form editor user interface were previewed as HTML, but should be treated as scalar text only. Resolves: #96743 Releases: main, 11.5, 10.4 Change-Id: I5e8dab26119490ecf19ac5d48c2bc7a5a00daaad Security-Bulletin: TYPO3-CORE-SA-2022-003 Security-References: CVE-2022-31048 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74894 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Torben Hansen authored
When a TYPO3 exception is handled through registered exception handlers, log writers may log sensitive information to logs, since the full stacktrace is logged. With this change, exception handlers that extend AbstractExceptionHandler except DebugExceptionHandler will by default not include the exception object any more and thereby not log the full stacktrace. Resolves: #96866 Releases: main, 11.5, 10.4 Change-Id: Iaf233eefc9a1a60334a47753baf457e8282e68c0 Security-Bulletin: TYPO3-CORE-SA-2022-002 Security-References: CVE-2022-31047 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74893 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
Torben Hansen authored
The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting "options.impexp.enableImportForNonAdminUser".

The export functionality has the following security drawbacks:

* Export for editors is not limited on field level
* The "Save to filename" functionality saves to a shared folder, which other editors with different access rights may have access to.

Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting "options.impexp.enableExportForNonAdminUser".

Additionally, the contents of the temporary "importexport" folder in file storages is now only visible to users who have access to the export functionality.

In general, it is recommended to only install the Import/Export extension when the functionality is required.

Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74892 Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
André Buchmann authored
Some default fields (e.g. tt_content.bodytext) can contain null values. TYPO3 first fetches the data in the default language and then overlays the rows data with the translation values. The overlay method inspects each array item with the php isset() function. This validates not only the existence of the array key, but also the values. null and false values evaluated as false. Empty strings evaluate as true. This leads to inconsistent output in the frontend. The overlay now validates only the array key existence and applies also empty values. Resolves: #97616 Releases: main, 11.5, 10.4 Change-Id: I4b01c52e9ac7adde786b3395bce870bc0a354b58 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74837 Tested-by:
André Buchmann <andy.schliesser@gmail.com> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
André Buchmann <andy.schliesser@gmail.com> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Benni Mack <benni@typo3.org>
-
- Jun 13, 2022
-
-
Torben Hansen authored
The package guzzlehttp/guzzle has been updated to version 7.4.4 and 6.5.7 which both fix the security issues [1] and [2].

Since TYPO3 is not affected by the issues by default, this is handled as a public bugfix. 3rd party extensions may however be affected by the vulnerabilities if `Authorization` or `Cookie` headers are used.

Executed commands:

    composer require \
      guzzlehttp/guzzle:^6.5.7 \
      -W

    composer require \
      -d typo3/sysext/core \
      guzzlehttp/guzzle:^6.5.7 \
      --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Resolves: #97759 Releases: main, 11.5, 10.4 Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74879 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org>
-
- Jun 11, 2022
-
-
Stefan Bürk authored
This change adds the ability to clean rendered documentation folder and files in all system extension folders in one go. Mentioned folders are `typo3/sysext/*/Documentation-GENERATED-temp`.

Added command/testsuite:

* `Build/Scripts/runTests.sh -s cleanRenderedDocumentation`

Additionally the already combined cleaning command `-s clean` is extended to delete rendered documentation in the same run.

Resolves: #97673 Releases: main, 11.5, 10.4 Change-Id: I344f897769cd5f475d43db67dd1b27693f49a658 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74842 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
Stefan Bürk <stefan@buerk.tech>
-
- Jun 10, 2022
-
-
Oliver Hader authored
A dialog trying to prevent overriding existing files in the filelist module shows an incorrect modification date of files that are existing on the server-side. When using regular unix timestamps (instead of micro-timestamps), dedicated `moment.unix` function has to be used. Resolves: #97724 Releases: main, 11.5, 10.4 Change-Id: Ieb5a00aaf87410e9721e39d91b9e0da13a109bc6 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74816 Tested-by:
core-ci <typo3@b13.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de>
-