TYPO3 13.4.33—What’s Changed?

Released: July 14, 2026
Update type: Bugfix and maintenance release

TYPO3 13.4.33 is a maintenance release focusing on stability improvements and bug fixes. Key improvements include refined DataHandler exception handling, enhanced accessibility with language flag labels, and hardened security measures around unserialization. This release also updates dependencies including Guzzle and DOMPurify, and resolves several edge-case bugs in the backend.

Security Fixes

No security fixes in this release.

Editing & UX Improvements

  • Accessible language flag labels — Added accessible labels to language flags in content element headers, improving screen reader support.
  • Empty settings stringlist handling — Fixed issue preventing users from adding entries to empty settings stringlists.

Backend & Administration

  • DataHandler root-level exceptions — Refined exception handling for root-level restrictions in DataHandler operations.
  • Extension activation command — Added missing extension:activate to the list of available CLI commands.
  • SQLite database import — Fixed initial database import for the Introduction extension when using SQLite.
  • Redirects history rollback — Hardened processing of redirect history rollback operations.

Technical Changes

  • Guzzle dependency update — Raised guzzlehttp/* package dependencies to latest versions.
  • PHPStan 2.2.3 update — Updated PHPStan to version 2.2.3 with custom rule to harden unserialize usage.
  • DOMPurify 3.4.11 — Updated npm package dompurify to version 3.4.11.
  • CorrelationId pattern fix — Allowed base64url characters in CorrelationId pattern validation.
  • Random string generation API — Promoted generateRandomBase64String to public API.
  • ModifyPageLinkConfigurationEvent enhancement — Added request object to ModifyPageLinkConfigurationEvent.