Mautic - Package Updates
-
[3.3.9]
- Update Mautic to 4.4.9
- Full changelog
- Deprecating Pipedrive by @escopecz in #12364 (read more in this blog post about alternatives)
- Adding Citrix plugin deprecation for M4 so it could be removed in M5 by @mabumusa1 in #12367 (read more in this article about alternatives)
-
[3.3.10]
- Update Mautic to 4.4.10
- Full changelog
- AJAX requests use the site_url instead of the current domain [backport] by @nick-vanpraet in #12042
- ensure the elfinder paths are within the default firewall, so rememberme functionality works (backport) by @mollux in #12433
- ensure dependencies use a compatible version of psr/simple-cache - 4.4 by @mollux in #12453
- Fixing point translation (M4) by @escopecz in #12499
- ensure only leads from a company are shown on a the company detail overview - 4.4 by @mollux in #12466
- re-add missing commit to fix incorrect reporting dates by @mollux in #12541
- Update analytics.js to gtag to support ga4 by @martoboto in #12525
- Switching contact import to finish in background causes 500 by @nick-vanpraet in #12538
- Fixes #11888 for mailjet puts only : in lead_donotcontact.comment by @beetofly in #11912
- Fix: Integration Campaign Members List issue by @irfanhanfi in #12058
- add codecov token to reduce the number of failed tests due to report upload failures - 4.4 by @mollux in #12610
- Fix Dynamic content block in email behaving differently in first save and edit [4.4] by @danadelion in #12634
-
D Dave Swift referenced this topic on
-
[4.0.0]
- Update Mautic to 5.0.2
- Release announcement
- Important Upgrade Notes:
- This is a major upgrade to Mautic. Please raed the changelog thoroughly before upgrading
- There are breakages to the plugin API and many plugins don't work anymore
- The Cloudron LDAP integration is disabled now because the LDAP plugin doesn't work anymore
- Post update, you can login as admin and reset the password of the previous LDAP users
-
[3.5.1]
- Update Mautic to 4.4.11
- Full changelog
- DPMMA-2537 RFC 8058 one-click unsubscribe [backport] by @patrykgruszka in #13117 (read more in our blog post about the upcoming changes to Gmail and Yahoo's spam policies)
- Fixing Import custom email template functionality by @shinde-rahul in #12495
- Fix toggle buttons by @kuzmany in #12787
-
G girish forked this topic on
-
[4.0.1]
- Update Mautic to 5.0.3
- Full changelog
- Focus first invalid element of form on validation error by @kuzmany in #13247
- Update preview form script source path for dev enviroment by @kuzmany in #13248
- Fix replace entity with reference for detached lists for add to segment action by @kuzmany in #13244
- Fix incorrect twig field checks for contacts and companies by @mollux in #13254
- fix incorrect version of the SpBundle dependency by @mollux in #13253
- Fix call to logger warn method. by @AdamBark in #13252
- Fix incorrect occurrences of dns where it should be dsn by @mollux in #13259
- Fix using messenger DSN with special characters by @mollux in #13255
- fix incorrect migration from old mail config to mailer_dsn config by @mollux in #13256
- add missing translations for flash messages by @mollux in #13258
-
[4.1.1]
- Update Mautic to 5.0.4
- Full changelog
- CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
- CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
- CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
- CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
- CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
- CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
- DPMMA-2401 Use object's timezone when comparing with 'now' in DateTimeHelper by @patrykgruszka in #13320
- Fix form api create without post action parameter by @kuzmany in #13410
- DPMMA-2462 Fix Autowiring Dependency for PushToIntegrationTrait by @patrykgruszka in #13470
- DPMMA-2600 Fix for Grapesjs-Mjml self-closing tag issue by @patrykgruszka in #13431
- The API defines Contacts not Contact causing the API to not receive the correct mapping by @mallezie in #13208
-
[3.5.2]
- Update Mautic to 4.4.12
- Full changelog
- CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
- CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
- CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
- CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
- CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
- CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
-
G girish forked this topic on
-
[4.3.2]
- Update Mautic to 5.1.1
- Full changelog
- CVE-2022-25768 - Improper access control in UI upgrade process - Reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc.
- CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasha in GHSA-xv68-rrmw-9xwf.
- CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7.
- CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2.
- CVE-2024-47059 - User enumeration through weak password login prompt - reported and fixed by @tomekkowalczyk and tested/reviewed by @escopecz and @patrykgruszka in GHSA-8vff-35qm-qjvv.
- CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruzska in GHSA-qf6m-6m4g-rmrc.
-
[4.4.0]
- Update mautic to 5.2.0
- Full Changelog
- Optimizing contacts activity API (refactoring of MR-10237 for Mautic v5) by @Moongazer in https://github.com/mautic/mautic/pull/12305
- Refactor DBAL execute method to executeQuery. by @biozshock in https://github.com/mautic/mautic/pull/14139
- Using "anonymous: lazy" to make the firewall lazy is deprecated, use "anonymous: true" and "lazy: true" instead. by @biozshock in https://github.com/mautic/mautic/pull/14124
- The "security.encoder_factory.generic" service is deprecated, use "scurity.password_hasher_factory" instead. by @biozshock in https://github.com/mautic/mautic/pull/14125
- [UI] Refactor hardcoded buttons using Twig template by @andersonjeccel in https://github.com/mautic/mautic/pull/14233
- [UX] Updating Blank theme to MJML by @andersonjeccel in https://github.com/mautic/mautic/pull/14255
- Referencing controllers with a single colon is deprecated. by @biozshock in https://github.com/mautic/mautic/pull/14130
- Update readme and devdocs link by @laurielim in https://github.com/mautic/mautic/pull/14207
-
[4.4.1]
- Update mautic to 5.2.1
- Full Changelog
- [UI/UX] Search (almost) Everything by @andersonjeccel in https://github.com/mautic/mautic/pull/14353
- Add support to check duplicates for api/companies/batch/new by @kuzmany in https://github.com/mautic/mautic/pull/12273
- fix: [DPMMA-2945] use hex colors in ckeditor by @patrykgruszka in https://github.com/mautic/mautic/pull/14322
- fix: delete emails deleting contacts by @andersonjeccel in https://github.com/mautic/mautic/pull/14335
- fix: theme upload width by @andersonjeccel in https://github.com/mautic/mautic/pull/14334
-
[4.4.2]
- Update mautic to 5.2.2
- Full Changelog
- Add missing "isIndexed" and "charLegthLimit" fields to the API response of Contact Fields. by @biozshock in https://github.com/mautic/mautic/pull/14442
- fix: Creating or updating a contact via the Rest API discards seconds for date time fields by @driskell in https://github.com/mautic/mautic/pull/14484
- Fix FormSubscriberTest by @fedys in https://github.com/mautic/mautic/pull/14474
- Update decision/action panel colors in campaign's builder by @Hugo-Prossaird in https://github.com/mautic/mautic/pull/14404
- Fix template for Campaign Editor by @bastolen in https://github.com/mautic/mautic/pull/14491
- DPMMA-3048 Fix campaign execution stuck due to incorrect lead detachment in membership change action by @patrykgruszka in https://github.com/mautic/mautic/pull/14497
- Add allowed protocols for links in CK5, so people can add phone links by @LordRembo in ht
- ...
-
[4.4.3]
- Update mautic to 5.2.3
- Full Changelog
- CVE-2024-47053 - Improper Authorization in Reporting API - Reported by @putzwasser, fixed by @lenonleite and tested/reviwed by @escopecz and @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
- CVE-2022-25773 - Relative Path Traversal in assets file upload - Reported by @majkelstick and @patrykgruszka, fixed by @patrykgruszka and tested/reviewed by @escopecz and @lenonleite in https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
- CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads - Reported by @mallo-m, fixed by @lenonleite and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
- DPMMA-3031 Configurable email address length limit to prevent delivery issues by @patrykgruszka in https://github.com/mautic/mautic/pull/14577
- Fixing the audit log widget when a contact is deleted by @escopecz in https://github.com/mautic/mautic/pull/14541
- Fixing segment building with default timezone by @escopecz in https://github.com/mautic/mautic/pull/14549
- Email click tracking fix, PHP warning fix by @escopecz in https://github.com/mautic/mautic/pull/14540
- fix: Fix font selection in CKEditor not including fallback fonts in output by @driskell in https://github.com/mautic/mautic/pull/14539
