Mautic - Package Updates
-
[4.1.1]
- Update Mautic to 5.0.4
- Full changelog
- CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
- CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
- CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
- CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
- CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
- CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
- DPMMA-2401 Use object's timezone when comparing with 'now' in DateTimeHelper by @patrykgruszka in #13320
- Fix form api create without post action parameter by @kuzmany in #13410
- DPMMA-2462 Fix Autowiring Dependency for PushToIntegrationTrait by @patrykgruszka in #13470
- DPMMA-2600 Fix for Grapesjs-Mjml self-closing tag issue by @patrykgruszka in #13431
- The API defines Contacts not Contact causing the API to not receive the correct mapping by @mallezie in #13208
-
[3.5.2]
- Update Mautic to 4.4.12
- Full changelog
- CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
- CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
- CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
- CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
- CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
- CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
-
G girish forked this topic on
-
[4.3.2]
- Update Mautic to 5.1.1
- Full changelog
- CVE-2022-25768 - Improper access control in UI upgrade process - Reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc.
- CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasha in GHSA-xv68-rrmw-9xwf.
- CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7.
- CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2.
- CVE-2024-47059 - User enumeration through weak password login prompt - reported and fixed by @tomekkowalczyk and tested/reviewed by @escopecz and @patrykgruszka in GHSA-8vff-35qm-qjvv.
- CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruzska in GHSA-qf6m-6m4g-rmrc.
-
[4.4.0]
- Update mautic to 5.2.0
- Full Changelog
- Optimizing contacts activity API (refactoring of MR-10237 for Mautic v5) by @Moongazer in https://github.com/mautic/mautic/pull/12305
- Refactor DBAL execute method to executeQuery. by @biozshock in https://github.com/mautic/mautic/pull/14139
- Using "anonymous: lazy" to make the firewall lazy is deprecated, use "anonymous: true" and "lazy: true" instead. by @biozshock in https://github.com/mautic/mautic/pull/14124
- The "security.encoder_factory.generic" service is deprecated, use "scurity.password_hasher_factory" instead. by @biozshock in https://github.com/mautic/mautic/pull/14125
- [UI] Refactor hardcoded buttons using Twig template by @andersonjeccel in https://github.com/mautic/mautic/pull/14233
- [UX] Updating Blank theme to MJML by @andersonjeccel in https://github.com/mautic/mautic/pull/14255
- Referencing controllers with a single colon is deprecated. by @biozshock in https://github.com/mautic/mautic/pull/14130
- Update readme and devdocs link by @laurielim in https://github.com/mautic/mautic/pull/14207
-
[4.4.1]
- Update mautic to 5.2.1
- Full Changelog
- [UI/UX] Search (almost) Everything by @andersonjeccel in https://github.com/mautic/mautic/pull/14353
- Add support to check duplicates for api/companies/batch/new by @kuzmany in https://github.com/mautic/mautic/pull/12273
- fix: [DPMMA-2945] use hex colors in ckeditor by @patrykgruszka in https://github.com/mautic/mautic/pull/14322
- fix: delete emails deleting contacts by @andersonjeccel in https://github.com/mautic/mautic/pull/14335
- fix: theme upload width by @andersonjeccel in https://github.com/mautic/mautic/pull/14334
-
[4.4.2]
- Update mautic to 5.2.2
- Full Changelog
- Add missing "isIndexed" and "charLegthLimit" fields to the API response of Contact Fields. by @biozshock in https://github.com/mautic/mautic/pull/14442
- fix: Creating or updating a contact via the Rest API discards seconds for date time fields by @driskell in https://github.com/mautic/mautic/pull/14484
- Fix FormSubscriberTest by @fedys in https://github.com/mautic/mautic/pull/14474
- Update decision/action panel colors in campaign's builder by @Hugo-Prossaird in https://github.com/mautic/mautic/pull/14404
- Fix template for Campaign Editor by @bastolen in https://github.com/mautic/mautic/pull/14491
- DPMMA-3048 Fix campaign execution stuck due to incorrect lead detachment in membership change action by @patrykgruszka in https://github.com/mautic/mautic/pull/14497
- Add allowed protocols for links in CK5, so people can add phone links by @LordRembo in ht
- ...
-
[4.4.3]
- Update mautic to 5.2.3
- Full Changelog
- CVE-2024-47053 - Improper Authorization in Reporting API - Reported by @putzwasser, fixed by @lenonleite and tested/reviwed by @escopecz and @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
- CVE-2022-25773 - Relative Path Traversal in assets file upload - Reported by @majkelstick and @patrykgruszka, fixed by @patrykgruszka and tested/reviewed by @escopecz and @lenonleite in https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
- CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads - Reported by @mallo-m, fixed by @lenonleite and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
- DPMMA-3031 Configurable email address length limit to prevent delivery issues by @patrykgruszka in https://github.com/mautic/mautic/pull/14577
- Fixing the audit log widget when a contact is deleted by @escopecz in https://github.com/mautic/mautic/pull/14541
- Fixing segment building with default timezone by @escopecz in https://github.com/mautic/mautic/pull/14549
- Email click tracking fix, PHP warning fix by @escopecz in https://github.com/mautic/mautic/pull/14540
- fix: Fix font selection in CKEditor not including fallback fonts in output by @driskell in https://github.com/mautic/mautic/pull/14539
-
[4.4.4]
- Update mautic to 5.2.4
- Full Changelog
- Fixing a 500 error when an asset was not found by @escopecz in https://github.com/mautic/mautic/pull/14663
- DPMMA-3039 Company lookup limit by @patrykgruszka in https://github.com/mautic/mautic/pull/14461
- Change behaviour of group elements for lookup field type by @npracht in https://github.com/mautic/mautic/pull/14716
- Fix of disabling the Dashboard widget cache by @JonasLudwig1998 in https://github.com/mautic/mautic/pull/14467
- DPMMA-3033 Correct focus item script response codes and fix undefined Focus.iframe by @patrykgruszka in https://github.com/mautic/mautic/pull/14521
- Fix wording and encoding issue in notifications by @npracht in https://github.com/mautic/mautic/pull/14711
- Salesforce campaign segment filter select fixed by @npracht in https://github.com/mautic/mautic/pull/14712
- DPMMA-3096 Fix report boolean fields by @patrykgruszka in https://github.com/mautic/mautic/pull/14782
- Fix #13570 - incorrect banner when multiple theme deletion by @johbuch in https://github.com/mautic/mautic/pull/14092
- Fix issue #14338 Custom HTML Content hidden when creating email in Code Mode by @laurielim in https://github.com/mautic/mautic/pull/14638
-
[4.5.0]
- Update base image to 5.0.0
- Update PHP to 8.3
-
[5.0.0]
- This is a major version update. Make sure all used plugins are compatible first.
- Update mautic to 6.0.0
- Full Changelog
- Remove deprecated GenericPointSettingsType for M6 by @putzwasser in #13904
- Removing the Gated Video feature by @escopecz in #14284
- Use the new Symfony authenticator system. by @biozshock in #14219
- [UI] Remove Froala styles by @andersonjeccel in #14271
- Upgrading Mautic to Symfony 6 by @escopecz in #13962
- [UI] Remove Font Awesome by @andersonjeccel in #14265
- Removing the legacy builder by @escopecz in #14450
- Removed MauticFactory::getDatabase. by @biozshock in #14418
- Removed MauticFactory::getIpAddressFromRequest and MauticFactory::getDate. by @biozshock in #14564
- Removed MauticFactory::getParameter. by @biozshock in #14565
-
[5.0.1]
- Update mautic to 6.0.1
- Full Changelog
- Fix #14804: Hamburger menu issue on mobile by @pelbox in https://github.com/mautic/mautic/pull/14886
- Fix #14457: Contact names with ampersands not showing in search by @goma101 in https://github.com/mautic/mautic/pull/14818
- Fix #14240: Blank link shown in theme actions dropdown by @pedroasgomes in https://github.com/mautic/mautic/pull/14833
- Fix: More trust settings: shows labels without inputs by @Krishu0765 in https://github.com/mautic/mautic/pull/14934
- Fix SMS duplicate send by @kuzmany in https://github.com/mautic/mautic/pull/14874
- Fixing migrations' preup checks by @escopecz in https://github.com/mautic/mautic/pull/14824
- Add migration preup checks by @matbcvo in https://github.com/mautic/mautic/pull/14852
- Allow more time window to make test valid. by @biozshock in https://github.com/mautic/mautic/pull/14918
-
[5.0.2]
- Update mautic to 6.0.2
- Full Changelog
- CVE-2025-5257 - Predictable Page Indexing Might Lead to Sensitive Data Exposure - Reported and fixed by @lenonleite and tested/reviewed by @escopecz and @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8
- CVE-2024-47056 - Mautic does not shield .env files from web traffic - Reported by @r3ky, analyzed by @lenonleite fixed by @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh
- CVE-2024-47057 - User name enumeration possible due to response time difference on password reset form - Reported and fixed by @tomekkowalczyk and reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
- CVE-2024-47055 - Segment cloning doesn't have a proper permission check - Reported and fixed by @abhisekmazumdar and @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
- CVE-2025-5256 - Open Redirect vulnerability on user unlock path - Reported and fixed by @tomekkowalczyk, tested/reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373
- fix #14449: Dynamic Content in emails - not all variants visible in editor by @Krishu0765 in https://github.com/mautic/mautic/pull/14966
