TYPO3 v10 has reached end-of-life as of April 30th 2023 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.

Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v10 here: TYPO3 ELTS.

Version control

Add to version control system

If you use a version control system such as Git (and you really should!), it is important to add both files composer.json and composer.lock (which were created automatically during the previous steps). The composer.lock file keeps track of the exact versions that are installed, so that you are on the same versions as your co-workers (and when deploying to the live system).


It is always good practice to exclude passwords from checked-in files (for example, config/system/settings.php). A solution may be to add the setting containing sensitive information to config/system/additional.php and use an .env file in the project directory to configure the password and other configuration along with helhum/dotenv-collector.

Additionally, some files and folders added by Composer should be excluded:

  • public/index.php

  • public/typo3/

  • public/typo3conf/ext/

  • vendor/

A .gitignore file could look like this:


Checkout from version control system

All your co-workers should always run composer install after they have checked out the files. This command will install the packages in the appropriate versions defined in composer.lock. This way, you and your co-workers always have the same versions of the TYPO3 Core and the extensions installed.