Mautic - Package Updates

Package Updates

[4.4.0]

• Update mautic to 5.2.0
• Full Changelog
• Optimizing contacts activity API (refactoring of MR-10237 for Mautic v5) by @​Moongazer in https://github.com/mautic/mautic/pull/12305
• Refactor DBAL execute method to executeQuery. by @​biozshock in https://github.com/mautic/mautic/pull/14139
• Using "anonymous: lazy" to make the firewall lazy is deprecated, use "anonymous: true" and "lazy: true" instead. by @​biozshock in https://github.com/mautic/mautic/pull/14124
• The "security.encoder_factory.generic" service is deprecated, use "scurity.password_hasher_factory" instead. by @​biozshock in https://github.com/mautic/mautic/pull/14125
• [UI] Refactor hardcoded buttons using Twig template by @​andersonjeccel in https://github.com/mautic/mautic/pull/14233
• [UX] Updating Blank theme to MJML by @​andersonjeccel in https://github.com/mautic/mautic/pull/14255
• Referencing controllers with a single colon is deprecated. by @​biozshock in https://github.com/mautic/mautic/pull/14130
• Update readme and devdocs link by @​laurielim in https://github.com/mautic/mautic/pull/14207

Package Updates

[4.4.1]

• Update mautic to 5.2.1
• Full Changelog
• [UI/UX] Search (almost) Everything by @​andersonjeccel in https://github.com/mautic/mautic/pull/14353
• Add support to check duplicates for api/companies/batch/new by @​kuzmany in https://github.com/mautic/mautic/pull/12273
• fix: [DPMMA-2945] use hex colors in ckeditor by @​patrykgruszka in https://github.com/mautic/mautic/pull/14322
• fix: delete emails deleting contacts by @​andersonjeccel in https://github.com/mautic/mautic/pull/14335
• fix: theme upload width by @​andersonjeccel in https://github.com/mautic/mautic/pull/14334

Package Updates

[4.4.2]

• Update mautic to 5.2.2
• Full Changelog
• Add missing "isIndexed" and "charLegthLimit" fields to the API response of Contact Fields. by @​biozshock in https://github.com/mautic/mautic/pull/14442
• fix: Creating or updating a contact via the Rest API discards seconds for date time fields by @​driskell in https://github.com/mautic/mautic/pull/14484
• Fix FormSubscriberTest by @​fedys in https://github.com/mautic/mautic/pull/14474
• Update decision/action panel colors in campaign's builder by @​Hugo-Prossaird in https://github.com/mautic/mautic/pull/14404
• Fix template for Campaign Editor by @​bastolen in https://github.com/mautic/mautic/pull/14491
• DPMMA-3048 Fix campaign execution stuck due to incorrect lead detachment in membership change action by @​patrykgruszka in https://github.com/mautic/mautic/pull/14497
• Add allowed protocols for links in CK5, so people can add phone links by @​LordRembo in ht
• ...

Package Updates

[4.4.3]

• Update mautic to 5.2.3
• Full Changelog
• CVE-2024-47053 - Improper Authorization in Reporting API - Reported by @​putzwasser, fixed by @​lenonleite and tested/reviwed by @​escopecz and @​patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
• CVE-2022-25773 - Relative Path Traversal in assets file upload - Reported by @​majkelstick and @​patrykgruszka, fixed by @​patrykgruszka and tested/reviewed by @​escopecz and @​lenonleite in https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
• CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads - Reported by @​mallo-m, fixed by @​lenonleite and tested/reviewed by @​patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
• DPMMA-3031 Configurable email address length limit to prevent delivery issues by @​patrykgruszka in https://github.com/mautic/mautic/pull/14577
• Fixing the audit log widget when a contact is deleted by @​escopecz in https://github.com/mautic/mautic/pull/14541
• Fixing segment building with default timezone by @​escopecz in https://github.com/mautic/mautic/pull/14549
• Email click tracking fix, PHP warning fix by @​escopecz in https://github.com/mautic/mautic/pull/14540
• fix: Fix font selection in CKEditor not including fallback fonts in output by @​driskell in https://github.com/mautic/mautic/pull/14539

Package Updates

[4.4.4]

• Update mautic to 5.2.4
• Full Changelog
• Fixing a 500 error when an asset was not found by @​escopecz in https://github.com/mautic/mautic/pull/14663
• DPMMA-3039 Company lookup limit by @​patrykgruszka in https://github.com/mautic/mautic/pull/14461
• Change behaviour of group elements for lookup field type by @​npracht in https://github.com/mautic/mautic/pull/14716
• Fix of disabling the Dashboard widget cache by @​JonasLudwig1998 in https://github.com/mautic/mautic/pull/14467
• DPMMA-3033 Correct focus item script response codes and fix undefined Focus.iframe by @​patrykgruszka in https://github.com/mautic/mautic/pull/14521
• Fix wording and encoding issue in notifications by @​npracht in https://github.com/mautic/mautic/pull/14711
• Salesforce campaign segment filter select fixed by @​npracht in https://github.com/mautic/mautic/pull/14712
• DPMMA-3096 Fix report boolean fields by @​patrykgruszka in https://github.com/mautic/mautic/pull/14782
• Fix #​13570 - incorrect banner when multiple theme deletion by @​johbuch in https://github.com/mautic/mautic/pull/14092
• Fix issue #​14338 Custom HTML Content hidden when creating email in Code Mode by @​laurielim in https://github.com/mautic/mautic/pull/14638

Package Updates

[4.5.0]

• Update base image to 5.0.0
• Update PHP to 8.3

Package Updates

[5.0.0]

• This is a major version update. Make sure all used plugins are compatible first.
• Update mautic to 6.0.0
• Full Changelog
• Remove deprecated GenericPointSettingsType for M6 by @putzwasser in #13904
• Removing the Gated Video feature by @escopecz in #14284
• Use the new Symfony authenticator system. by @biozshock in #14219
• [UI] Remove Froala styles by @andersonjeccel in #14271
• Upgrading Mautic to Symfony 6 by @escopecz in #13962
• [UI] Remove Font Awesome by @andersonjeccel in #14265
• Removing the legacy builder by @escopecz in #14450
• Removed MauticFactory::getDatabase. by @biozshock in #14418
• Removed MauticFactory::getIpAddressFromRequest and MauticFactory::getDate. by @biozshock in #14564
• Removed MauticFactory::getParameter. by @biozshock in #14565

Package Updates

[5.0.1]

• Update mautic to 6.0.1
• Full Changelog
• Fix #14804: Hamburger menu issue on mobile by @pelbox in https://github.com/mautic/mautic/pull/14886
• Fix #14457: Contact names with ampersands not showing in search by @goma101 in https://github.com/mautic/mautic/pull/14818
• Fix #14240: Blank link shown in theme actions dropdown by @pedroasgomes in https://github.com/mautic/mautic/pull/14833
• Fix: More trust settings: shows labels without inputs by @Krishu0765 in https://github.com/mautic/mautic/pull/14934
• Fix SMS duplicate send by @kuzmany in https://github.com/mautic/mautic/pull/14874
• Fixing migrations' preup checks by @escopecz in https://github.com/mautic/mautic/pull/14824
• Add migration preup checks by @matbcvo in https://github.com/mautic/mautic/pull/14852
• Allow more time window to make test valid. by @biozshock in https://github.com/mautic/mautic/pull/14918

Package Updates

[5.0.2]

• Update mautic to 6.0.2
• Full Changelog
• CVE-2025-5257 - Predictable Page Indexing Might Lead to Sensitive Data Exposure - Reported and fixed by @lenonleite and tested/reviewed by @escopecz and @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8
• CVE-2024-47056 - Mautic does not shield .env files from web traffic - Reported by @r3ky, analyzed by @lenonleite fixed by @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh
• CVE-2024-47057 - User name enumeration possible due to response time difference on password reset form - Reported and fixed by @tomekkowalczyk and reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
• CVE-2024-47055 - Segment cloning doesn't have a proper permission check - Reported and fixed by @abhisekmazumdar and @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782
• CVE-2025-5256 - Open Redirect vulnerability on user unlock path - Reported and fixed by @tomekkowalczyk, tested/reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373
• fix #14449: Dynamic Content in emails - not all variants visible in editor by @Krishu0765 in https://github.com/mautic/mautic/pull/14966

Package Updates

[5.0.3]

• Update mautic to 6.0.3
• Full Changelog
• Fix dynamic content token replacement for external plugins by @biozshock in https://github.com/mautic/mautic/pull/14599
• Fix API bulk edit processing same contact multiple times by @biozshock in https://github.com/mautic/mautic/pull/14928
• Fix: Unable to upload assets with non-default file extensions by @andersonjeccel in https://github.com/mautic/mautic/pull/15111
• DPMMA-1020 Fix search email with special characters in campaign action by @patrykgruszka in https://github.com/mautic/mautic/pull/10306
• Fix campaign source widget text overflow handling by @kuzmany in https://github.com/mautic/mautic/pull/15055
• FIX: Removes onConfigSave which invokes htmlspecialchars and escapes tracking script by @putzwasser in https://github.com/mautic/mautic/pull/13859
• Fix custom field duplication when cloning contacts by @Hugo-Prossaird in https://github.com/mautic/mautic/pull/14780
• Fix refetchEntity call timing after Lead instance check by @kuzmany in https://github.com/mautic/mautic/pull/15051
• Fix error when saving contacts without points available by @npracht in https://github.com/mautic/mautic/pull/14714
• Fix: Pagination is now working on the Audit Log tab of a contact by @driskell in https://github.com/mautic/mautic/pull/15086

Package Updates

[5.1.0]

• checklist added to manifest

Package Updates

[5.1.1]

• Update mautic to 6.0.4
• Full Changelog
• Preserve selected company when contact has more than 100 companies in the list by @patrykgruszka in https://github.com/mautic/mautic/pull/15232
• Fix incorrectly encoded string value constants for ANSI SQL compatibility (6.x) by @notz in https://github.com/mautic/mautic/pull/15324
• Fix issue with read/write replicas by replacing improper executeQuery usage with executeStatement for data modification queries by @patrykgruszka

Package Updates

[5.1.2]

• Update mautic to 6.0.5
• Full Changelog
• This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
• https://www.cve.org/CVERecord?id=CVE-2025-9821 - SSRF via webhook function - Reported by @asesidaa and fixed by @patrykgruszka and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69
• https://www.cve.org/CVERecord?id=CVE-2025-9822 - Secret data extraction via elfinder - Reported by @B0D0B0P0T and fixed by @lenonleite and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w
• https://www.cve.org/CVERecord?id=CVE-2025-9824 - User Enumeration via Response Timing - Reported by @Vautia and fixed by @nick-vanpraet and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-3ggv-qwcp-j6xg
• https://www.cve.org/CVERecord?id=CVE-2025-9823 - Reflected XSS in lead:addLeadTags - Quick Add - Reported and fixed by @nmmorette and tested/reviewed by @kuzmany and @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-9v8p-m85m-f7mm
• DPMMA-2974 Fix Email chart stats for unsubscribed and bounced recipients by @patrykgruszka in #15315
• DPMMA-3186 Fix IMAP\Connection is already closed by @patrykgruszka in #15364
• Remove migration Version20230522141144 [6.0] by @matbcvo in #15385

Package Updates

[5.1.3]

• Update mautic to 6.0.6
• Full Changelog
• Number field seems to offer help but there are no tooltips showing. by @biozshock in #15308
• Fix form edit error with no group "adjust contact's point" action by @kou in #15452
• fix(Form): Correct key existence check in FieldType by @shinde-rahul in #15363
• Test to confirm empty values are applied to select and multiselect fields by @biozshock in #15358

Package Updates

[5.1.4]

• Update mautic to 6.0.7
• Full Changelog
• This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
• https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x - CVE-2025-13828 - Fixed privilege escalation vulnerability in Marketplace - Reported and fixed by @driskell, reviewed by @escopecz and @patrykgruszka.
• https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp - CVE-2025-13827 - Fixed file upload restriction bypass in GrapesJsBuilder - Reported and fixed by @driskell, reviewed by @escopecz and @patrykgruszka.
• Update dependencies for M6 by @patrykgruszka in #15666
• Bump guzzlehttp/oauth-subscriber to 0.8.1by @patrykgruszka in #15678

Package Updates

[5.1.5]

• Update mautic to 6.0.8
• Full Changelog
• This release addresses one security issue. Please update at your earliest convenience after taking a backup and ensuring that it's working.
• https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
• Update Composer development dependency phpunit/phpunit to fix CVE-2026-24765 #​15817 by @​escopecz