Mautic - Package Updates
-
[4.4.3]
- Update mautic to 5.2.3
- Full Changelog
- CVE-2024-47053 - Improper Authorization in Reporting API - Reported by @putzwasser, fixed by @lenonleite and tested/reviwed by @escopecz and @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
- CVE-2022-25773 - Relative Path Traversal in assets file upload - Reported by @majkelstick and @patrykgruszka, fixed by @patrykgruszka and tested/reviewed by @escopecz and @lenonleite in https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
- CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads - Reported by @mallo-m, fixed by @lenonleite and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
- DPMMA-3031 Configurable email address length limit to prevent delivery issues by @patrykgruszka in https://github.com/mautic/mautic/pull/14577
- Fixing the audit log widget when a contact is deleted by @escopecz in https://github.com/mautic/mautic/pull/14541
- Fixing segment building with default timezone by @escopecz in https://github.com/mautic/mautic/pull/14549
- Email click tracking fix, PHP warning fix by @escopecz in https://github.com/mautic/mautic/pull/14540
- fix: Fix font selection in CKEditor not including fallback fonts in output by @driskell in https://github.com/mautic/mautic/pull/14539
-
[4.4.4]
- Update mautic to 5.2.4
- Full Changelog
- Fixing a 500 error when an asset was not found by @escopecz in https://github.com/mautic/mautic/pull/14663
- DPMMA-3039 Company lookup limit by @patrykgruszka in https://github.com/mautic/mautic/pull/14461
- Change behaviour of group elements for lookup field type by @npracht in https://github.com/mautic/mautic/pull/14716
- Fix of disabling the Dashboard widget cache by @JonasLudwig1998 in https://github.com/mautic/mautic/pull/14467
- DPMMA-3033 Correct focus item script response codes and fix undefined Focus.iframe by @patrykgruszka in https://github.com/mautic/mautic/pull/14521
- Fix wording and encoding issue in notifications by @npracht in https://github.com/mautic/mautic/pull/14711
- Salesforce campaign segment filter select fixed by @npracht in https://github.com/mautic/mautic/pull/14712
- DPMMA-3096 Fix report boolean fields by @patrykgruszka in https://github.com/mautic/mautic/pull/14782
- Fix #13570 - incorrect banner when multiple theme deletion by @johbuch in https://github.com/mautic/mautic/pull/14092
- Fix issue #14338 Custom HTML Content hidden when creating email in Code Mode by @laurielim in https://github.com/mautic/mautic/pull/14638
-
[4.5.0]
- Update base image to 5.0.0
- Update PHP to 8.3
-
[5.0.0]
- This is a major version update. Make sure all used plugins are compatible first.
- Update mautic to 6.0.0
- Full Changelog
- Remove deprecated GenericPointSettingsType for M6 by @putzwasser in #13904
- Removing the Gated Video feature by @escopecz in #14284
- Use the new Symfony authenticator system. by @biozshock in #14219
- [UI] Remove Froala styles by @andersonjeccel in #14271
- Upgrading Mautic to Symfony 6 by @escopecz in #13962
- [UI] Remove Font Awesome by @andersonjeccel in #14265
- Removing the legacy builder by @escopecz in #14450
- Removed MauticFactory::getDatabase. by @biozshock in #14418
- Removed MauticFactory::getIpAddressFromRequest and MauticFactory::getDate. by @biozshock in #14564
- Removed MauticFactory::getParameter. by @biozshock in #14565
-
[5.0.1]
- Update mautic to 6.0.1
- Full Changelog
- Fix #14804: Hamburger menu issue on mobile by @pelbox in https://github.com/mautic/mautic/pull/14886
- Fix #14457: Contact names with ampersands not showing in search by @goma101 in https://github.com/mautic/mautic/pull/14818
- Fix #14240: Blank link shown in theme actions dropdown by @pedroasgomes in https://github.com/mautic/mautic/pull/14833
- Fix: More trust settings: shows labels without inputs by @Krishu0765 in https://github.com/mautic/mautic/pull/14934
- Fix SMS duplicate send by @kuzmany in https://github.com/mautic/mautic/pull/14874
- Fixing migrations' preup checks by @escopecz in https://github.com/mautic/mautic/pull/14824
- Add migration preup checks by @matbcvo in https://github.com/mautic/mautic/pull/14852
- Allow more time window to make test valid. by @biozshock in https://github.com/mautic/mautic/pull/14918
-
[5.0.2]
- Update mautic to 6.0.2
- Full Changelog
- CVE-2025-5257 - Predictable Page Indexing Might Lead to Sensitive Data Exposure - Reported and fixed by @lenonleite and tested/reviewed by @escopecz and @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8
- CVE-2024-47056 - Mautic does not shield .env files from web traffic - Reported by @r3ky, analyzed by @lenonleite fixed by @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh
- CVE-2024-47057 - User name enumeration possible due to response time difference on password reset form - Reported and fixed by @tomekkowalczyk and reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
- CVE-2024-47055 - Segment cloning doesn't have a proper permission check - Reported and fixed by @abhisekmazumdar and @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
- CVE-2025-5256 - Open Redirect vulnerability on user unlock path - Reported and fixed by @tomekkowalczyk, tested/reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373
- fix #14449: Dynamic Content in emails - not all variants visible in editor by @Krishu0765 in https://github.com/mautic/mautic/pull/14966
-
[5.0.3]
- Update mautic to 6.0.3
- Full Changelog
- Fix dynamic content token replacement for external plugins by @biozshock in https://github.com/mautic/mautic/pull/14599
- Fix API bulk edit processing same contact multiple times by @biozshock in https://github.com/mautic/mautic/pull/14928
- Fix: Unable to upload assets with non-default file extensions by @andersonjeccel in https://github.com/mautic/mautic/pull/15111
- DPMMA-1020 Fix search email with special characters in campaign action by @patrykgruszka in https://github.com/mautic/mautic/pull/10306
- Fix campaign source widget text overflow handling by @kuzmany in https://github.com/mautic/mautic/pull/15055
- FIX: Removes onConfigSave which invokes htmlspecialchars and escapes tracking script by @putzwasser in https://github.com/mautic/mautic/pull/13859
- Fix custom field duplication when cloning contacts by @Hugo-Prossaird in https://github.com/mautic/mautic/pull/14780
- Fix refetchEntity call timing after Lead instance check by @kuzmany in https://github.com/mautic/mautic/pull/15051
- Fix error when saving contacts without points available by @npracht in https://github.com/mautic/mautic/pull/14714
- Fix: Pagination is now working on the Audit Log tab of a contact by @driskell in https://github.com/mautic/mautic/pull/15086
-
[5.1.0]
- checklist added to manifest
-
[5.1.1]
- Update mautic to 6.0.4
- Full Changelog
- Preserve selected company when contact has more than 100 companies in the list by @patrykgruszka in https://github.com/mautic/mautic/pull/15232
- Fix incorrectly encoded string value constants for ANSI SQL compatibility (6.x) by @notz in https://github.com/mautic/mautic/pull/15324
- Fix issue with read/write replicas by replacing improper executeQuery usage with executeStatement for data modification queries by @patrykgruszka
-
[5.1.2]
- Update mautic to 6.0.5
- Full Changelog
- This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
- https://www.cve.org/CVERecord?id=CVE-2025-9821 - SSRF via webhook function - Reported by @asesidaa and fixed by @patrykgruszka and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69
- https://www.cve.org/CVERecord?id=CVE-2025-9822 - Secret data extraction via elfinder - Reported by @B0D0B0P0T and fixed by @lenonleite and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w
- https://www.cve.org/CVERecord?id=CVE-2025-9824 - User Enumeration via Response Timing - Reported by @Vautia and fixed by @nick-vanpraet and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-3ggv-qwcp-j6xg
- https://www.cve.org/CVERecord?id=CVE-2025-9823 - Reflected XSS in lead:addLeadTags - Quick Add - Reported and fixed by @nmmorette and tested/reviewed by @kuzmany and @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-9v8p-m85m-f7mm
- DPMMA-2974 Fix Email chart stats for unsubscribed and bounced recipients by @patrykgruszka in #15315
- DPMMA-3186 Fix IMAP\Connection is already closed by @patrykgruszka in #15364
- Remove migration Version20230522141144 [6.0] by @matbcvo in #15385
