Mautic - Package Updates

girish

[3.4.0]

girish

[3.5.0]

girish

[4.0.0]

Update Mautic to 5.0.2
Release announcement
Important Upgrade Notes:
- This is a major upgrade to Mautic. Please raed the changelog thoroughly before upgrading
- There are breakages to the plugin API and many plugins don't work anymore
- The Cloudron LDAP integration is disabled now because the LDAP plugin doesn't work anymore
- Post update, you can login as admin and reset the password of the previous LDAP users

girish

[3.5.1]

Update Mautic to 4.4.11
Full changelog
DPMMA-2537 RFC 8058 one-click unsubscribe [backport] by @patrykgruszka in #13117 (read more in our blog post about the upcoming changes to Gmail and Yahoo's spam policies)
Fixing Import custom email template functionality by @shinde-rahul in #12495
Fix toggle buttons by @kuzmany in #12787

girish

[4.0.1]

Update Mautic to 5.0.3
Full changelog
Focus first invalid element of form on validation error by @kuzmany in #13247
Update preview form script source path for dev enviroment by @kuzmany in #13248
Fix replace entity with reference for detached lists for add to segment action by @kuzmany in #13244
Fix incorrect twig field checks for contacts and companies by @mollux in #13254
fix incorrect version of the SpBundle dependency by @mollux in #13253
Fix call to logger warn method. by @AdamBark in #13252
Fix incorrect occurrences of dns where it should be dsn by @mollux in #13259
Fix using messenger DSN with special characters by @mollux in #13255
fix incorrect migration from old mail config to mailer_dsn config by @mollux in #13256
add missing translations for flash messages by @mollux in #13258

girish

[4.0.2]

girish

[4.0.3]

Install mailer transports symfony/amazon-mailer symfony/mailgun-mailer by default

girish

[4.1.0]

nebulon

[4.1.1]

Update Mautic to 5.0.4
Full changelog
CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
DPMMA-2401 Use object's timezone when comparing with 'now' in DateTimeHelper by @patrykgruszka in #13320
Fix form api create without post action parameter by @kuzmany in #13410
DPMMA-2462 Fix Autowiring Dependency for PushToIntegrationTrait by @patrykgruszka in #13470
DPMMA-2600 Fix for Grapesjs-Mjml self-closing tag issue by @patrykgruszka in #13431
The API defines Contacts not Contact causing the API to not receive the correct mapping by @mallezie in #13208

girish

[3.5.2]

Update Mautic to 4.4.12
Full changelog
CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w

girish

[4.2.0]

nebulon

[4.3.0]

girish

[4.3.1]

Package Updates

[4.3.2]

Update Mautic to 5.1.1
Full changelog
CVE-2022-25768 - Improper access control in UI upgrade process - Reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc.
CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasha in GHSA-xv68-rrmw-9xwf.
CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7.
CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2.
CVE-2024-47059 - User enumeration through weak password login prompt - reported and fixed by @tomekkowalczyk and tested/reviewed by @escopecz and @patrykgruszka in GHSA-8vff-35qm-qjvv.
CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruzska in GHSA-qf6m-6m4g-rmrc.

Package Updates

[4.4.0]

Update mautic to 5.2.0
Full Changelog
Optimizing contacts activity API (refactoring of MR-10237 for Mautic v5) by @Moongazer in https://github.com/mautic/mautic/pull/12305
Refactor DBAL execute method to executeQuery. by @biozshock in https://github.com/mautic/mautic/pull/14139
Using "anonymous: lazy" to make the firewall lazy is deprecated, use "anonymous: true" and "lazy: true" instead. by @biozshock in https://github.com/mautic/mautic/pull/14124
The "security.encoder_factory.generic" service is deprecated, use "scurity.password_hasher_factory" instead. by @biozshock in https://github.com/mautic/mautic/pull/14125
[UI] Refactor hardcoded buttons using Twig template by @andersonjeccel in https://github.com/mautic/mautic/pull/14233
[UX] Updating Blank theme to MJML by @andersonjeccel in https://github.com/mautic/mautic/pull/14255
Referencing controllers with a single colon is deprecated. by @biozshock in https://github.com/mautic/mautic/pull/14130
Update readme and devdocs link by @laurielim in https://github.com/mautic/mautic/pull/14207

Package Updates

[4.4.1]

Cloudron Forum