🔒 Security release
This release bumps some of our dependencies and addresses several security issues. Please update at your earliest convenience, after taking a backup and verifying that the backup works.
What's Changed
🔒 Security fixes
- CVE-2021-27915 - Stored Cross-site Scripting (XSS) in Description field - https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
- CVE-2022-25774 - XSS in Notifications via saving Dashboards - https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f
- CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p
- CVE-2022-25775 - SQL Injection in dynamic Reports - https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94
- CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8
- CVE-2022-25777 - Server-Side Request Forgery in Asset section - https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w
⬆️ Dependencies
- Upgrade twig package by @lenonleite in #13604
- Upgrade http kernel by @lenonleite in #13605
- Upgrade phpseclib by @lenonleite in #13607
- Upgrade elfinder package by @lenonleite in #13608
- Upgrade composer packages by @lenonleite in #13603
- Upgrade guzzlehttp psr7 by @lenonleite in #13606
- Updating symfony/flex by @escopecz in #13589
- Update to last gitpod version by @lenonleite in #13601
Full Changelog: 4.4.11...4.4.12
SHA1(4.4.12.zip)= c5e1406c0bcdb54d75a594a7d24a69ae18f9631c
SHA1(4.4.12-update.zip)= 8ea9ceed0bf1876588215423bcb1c27808ecdb29