github mautic/mautic 5.0.4
Mautic Community 5.0.4
on GitHub

latest release: 4.4.12
22 days ago

🔒Security release

This release bumps some of our dependencies and also addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.

What's Changed

🔒Security fixes

CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422

CVE-2022-25774 - XSS in Notifications via saving Dashboards - https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f

CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p

CVE-2022-25775 - SQL Injection in dynamic Reports - https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94

CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8

CVE-2022-25777 - Server-Side Request Forgery in Asset section - https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w

⬆️ Dependencies

Upgrade twig package by @lenonleite in #13604
Upgrade http kernel by @lenonleite in #13605
Upgrade phpseclib by @lenonleite in #13607
Upgrade elfinder package by @lenonleite in #13608
Upgrade composer packages by @lenonleite in #13603
Upgrade guzzlehttp psr7 by @lenonleite in #13606
Updating symfony/flex by @escopecz in #13589
Update to last gitpod version by @lenonleite in #13601

🐛 Bugs

Full Changelog: 5.0.3...5.0.4

SHA1(5.0.4.zip)= 593cfded533ea44d0a7dc3bbbedd0eb51ff12aeb
SHA1(5.0.4-update.zip)= e7242d4bc728e1def79f8f7a4fef1d188cac5adc

Check out latest releases or
releases around mautic/mautic 5.0.4

Don't miss a new mautic release

NewReleases is sending notifications on new releases.

Get notifications