Mautic - Package Updates

nebulon

[3.3.5]

• Update Mautic to 4.4.5
• Full changelog
• fixed starting mandrill transport in immediately mode by @Rigiytip in #11607
• Fix ampersand encoding in tokens - backport to 4.4 by @JaZo in #11676
• Fix show Focus Items Builder - correction of reading sending data by @AlanWierzchonCA in #11687
• Fix infinite recursion in search string helper - backport for 4.4 by @Rigiytip in #11714
• Fixing Custom Objects plugin - Upsert functionality 4.4 by @aarohiprasad in #11746
• Resolving Hubspot Mapping Error by @onairmarc in #11753
• Update Transifex to use new SDK & improve code for M4 by @escopecz in #11758
• Fix/change hubspot api auth by @npracht in #11470

nebulon

[3.3.6]

• Update Mautic to 4.4.6
• Full changelog
• Fix marketing message sorting by category (v4.x) by @volha-pivavarchyk in #11733
• Fix html code with unicode content by @kuzmany in #9516
• Add orderBy to findOneBy to return more accurate eventLog result by @pwned555 in #11636
• Clarify global segment setting's tooltip by @bradjones1 in #11809

nebulon

[3.3.7]

• Update Mautic to 4.4.7
• Full changelog
• Fix date/datetime empty mysql expression for contact field condition by @kuzmany in #11660
• Fix: Dynamic Content in emails (legacy builder)- default content is not saved properly by @irfanhanfi in #11887
• Fix failing API test on PHP 8 by @mollux in #11957
• Fix error when /tmp is not available by @pedrodejesus in #9929
• Fix automated test for M4 branch by @escopecz in #12069
• Custom object export fix by @escopecz in #11989
• Fix resubscribe action condition check by @mabumusa1 in #11918

nebulon

[3.3.8]

• Update Mautic to 4.4.8
• Full changelog
• Improve test speed of campaign count tests (backport 4.4) by @mollux in https://github.com/mautic/mautic/pull/12158
• Fix segment mails not using site_url [backport to 4.x] by @nick-vanpraet in https://github.com/mautic/mautic/pull/11920
• Get request variables from query instead of request. by @irfan-synerzip in https://github.com/mautic/mautic/pull/12002
• fix for email graph stats when switching between variant and all by @mollux in https://github.com/mautic/mautic/pull/12050
• Bugfix 12063 - 500 Error when changing tag in a Contact and clicking save&close [4.x] by @LordRembo in https://github.com/mautic/mautic/pull/12105
• Add exit code to some mautic commands by @beetofly in https://github.com/mautic/mautic/pull/11963

girish

[3.3.9]

• Update Mautic to 4.4.9
• Full changelog
• Deprecating Pipedrive by @escopecz in #12364 (read more in this blog post about alternatives)
• Adding Citrix plugin deprecation for M4 so it could be removed in M5 by @mabumusa1 in #12367 (read more in this article about alternatives)

nebulon

[3.3.10]

• Update Mautic to 4.4.10
• Full changelog
• AJAX requests use the site_url instead of the current domain [backport] by @nick-vanpraet in #12042
• ensure the elfinder paths are within the default firewall, so rememberme functionality works (backport) by @mollux in #12433
• ensure dependencies use a compatible version of psr/simple-cache - 4.4 by @mollux in #12453
• Fixing point translation (M4) by @escopecz in #12499
• ensure only leads from a company are shown on a the company detail overview - 4.4 by @mollux in #12466
• re-add missing commit to fix incorrect reporting dates by @mollux in #12541
• Update analytics.js to gtag to support ga4 by @martoboto in #12525
• Switching contact import to finish in background causes 500 by @nick-vanpraet in #12538
• Fixes #11888 for mailjet puts only : in lead_donotcontact.comment by @beetofly in #11912
• Fix: Integration Campaign Members List issue by @irfanhanfi in #12058
• add codecov token to reduce the number of failed tests due to report upload failures - 4.4 by @mollux in #12610
• Fix Dynamic content block in email behaving differently in first save and edit [4.4] by @danadelion in #12634

girish

[3.4.0]

• Copy over media assets

girish

[3.5.0]

• Add support for aliases

girish

[4.0.0]

• Update Mautic to 5.0.2
• Release announcement
• Important Upgrade Notes:
  • This is a major upgrade to Mautic. Please raed the changelog thoroughly before upgrading
  • There are breakages to the plugin API and many plugins don't work anymore
  • The Cloudron LDAP integration is disabled now because the LDAP plugin doesn't work anymore
  • Post update, you can login as admin and reset the password of the previous LDAP users

girish

[3.5.1]

• Update Mautic to 4.4.11
• Full changelog
• DPMMA-2537 RFC 8058 one-click unsubscribe [backport] by @patrykgruszka in #13117 (read more in our blog post about the upcoming changes to Gmail and Yahoo's spam policies)
• Fixing Import custom email template functionality by @shinde-rahul in #12495
• Fix toggle buttons by @kuzmany in #12787

girish

[4.0.1]

• Update Mautic to 5.0.3
• Full changelog
• Focus first invalid element of form on validation error by @kuzmany in #13247
• Update preview form script source path for dev enviroment by @kuzmany in #13248
• Fix replace entity with reference for detached lists for add to segment action by @kuzmany in #13244
• Fix incorrect twig field checks for contacts and companies by @mollux in #13254
• fix incorrect version of the SpBundle dependency by @mollux in #13253
• Fix call to logger warn method. by @AdamBark in #13252
• Fix incorrect occurrences of dns where it should be dsn by @mollux in #13259
• Fix using messenger DSN with special characters by @mollux in #13255
• fix incorrect migration from old mail config to mailer_dsn config by @mollux in #13256
• add missing translations for flash messages by @mollux in #13258

girish

[4.0.2]

• Use a more up to date composer

girish

[4.0.3]

• Install mailer transports symfony/amazon-mailer symfony/mailgun-mailer by default

girish

[4.1.0]

• Fix installation of mailer transports
• Use mailer_dsn to configure email sending
• Add support for display name

nebulon

[4.1.1]

• Update Mautic to 5.0.4
• Full changelog
• CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
• CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
• CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
• CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
• CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
• CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
• DPMMA-2401 Use object's timezone when comparing with 'now' in DateTimeHelper by @patrykgruszka in #13320
• Fix form api create without post action parameter by @kuzmany in #13410
• DPMMA-2462 Fix Autowiring Dependency for PushToIntegrationTrait by @patrykgruszka in #13470
• DPMMA-2600 Fix for Grapesjs-Mjml self-closing tag issue by @patrykgruszka in #13431
• The API defines Contacts not Contact causing the API to not receive the correct mapping by @mallezie in #13208

girish

[3.5.2]

• Update Mautic to 4.4.12
• Full changelog
• CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
• CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
• CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
• CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
• CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
• CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w

girish

[4.2.0]

• make apache mpm prefork configurable

nebulon

[4.3.0]

• Update Mautic to 5.1.0
• Full changelog

girish

[4.3.1]

• Fix issue where cron runtime dir was not created

Package Updates

[4.3.2]

• Update Mautic to 5.1.1
• Full changelog
• CVE-2022-25768 - Improper access control in UI upgrade process - Reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc.
• CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasha in GHSA-xv68-rrmw-9xwf.
• CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7.
• CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2.
• CVE-2024-47059 - User enumeration through weak password login prompt - reported and fixed by @tomekkowalczyk and tested/reviewed by @escopecz and @patrykgruszka in GHSA-8vff-35qm-qjvv.
• CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruzska in GHSA-qf6m-6m4g-rmrc.