Mautic - Package Updates

Package Updates

[5.1.0]

Package Updates

[5.1.1]

Update mautic to 6.0.4
Full Changelog
Preserve selected company when contact has more than 100 companies in the list by @patrykgruszka in https://github.com/mautic/mautic/pull/15232
Fix incorrectly encoded string value constants for ANSI SQL compatibility (6.x) by @notz in https://github.com/mautic/mautic/pull/15324
Fix issue with read/write replicas by replacing improper executeQuery usage with executeStatement for data modification queries by @patrykgruszka

Package Updates

[5.1.2]

Update mautic to 6.0.5
Full Changelog
This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
https://www.cve.org/CVERecord?id=CVE-2025-9821 - SSRF via webhook function - Reported by @asesidaa and fixed by @patrykgruszka and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69
https://www.cve.org/CVERecord?id=CVE-2025-9822 - Secret data extraction via elfinder - Reported by @B0D0B0P0T and fixed by @lenonleite and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w
https://www.cve.org/CVERecord?id=CVE-2025-9824 - User Enumeration via Response Timing - Reported by @Vautia and fixed by @nick-vanpraet and tested/reviewed by @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-3ggv-qwcp-j6xg
https://www.cve.org/CVERecord?id=CVE-2025-9823 - Reflected XSS in lead:addLeadTags - Quick Add - Reported and fixed by @nmmorette and tested/reviewed by @kuzmany and @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-9v8p-m85m-f7mm
DPMMA-2974 Fix Email chart stats for unsubscribed and bounced recipients by @patrykgruszka in #15315
DPMMA-3186 Fix IMAP\Connection is already closed by @patrykgruszka in #15364
Remove migration Version20230522141144 [6.0] by @matbcvo in #15385

Package Updates

[5.1.3]

Update mautic to 6.0.6
Full Changelog
Number field seems to offer help but there are no tooltips showing. by @biozshock in #15308
Fix form edit error with no group "adjust contact's point" action by @kou in #15452
fix(Form): Correct key existence check in FieldType by @shinde-rahul in #15363
Test to confirm empty values are applied to select and multiselect fields by @biozshock in #15358

Package Updates

[5.1.4]

Update mautic to 6.0.7
Full Changelog
This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x - CVE-2025-13828 - Fixed privilege escalation vulnerability in Marketplace - Reported and fixed by @driskell, reviewed by @escopecz and @patrykgruszka.
https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp - CVE-2025-13827 - Fixed file upload restriction bypass in GrapesJsBuilder - Reported and fixed by @driskell, reviewed by @escopecz and @patrykgruszka.
Update dependencies for M6 by @patrykgruszka in #15666
Bump guzzlehttp/oauth-subscriber to 0.8.1by @patrykgruszka in #15678

Package Updates

[5.1.5]

Update mautic to 6.0.8
Full Changelog
This release addresses one security issue. Please update at your earliest convenience after taking a backup and ensuring that it's working.
https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
Update Composer development dependency phpunit/phpunit to fix CVE-2026-24765 #15817 by @escopecz

Package Updates

[6.0.0]

Update mautic to 7.0.0
Full Changelog
This app package requires Cloudron 9.2 which brings MySQL 8.4
Remove support for updating Mautic via the user interface by @matbcvo in #14689
Deprecating End of Life database versions, add support for more database versions by @mollux in #14836
Drop support for PHP 8.1 by @matbcvo in #14653
Removing the API limiter as the library is not maintained anymore by @escopecz in #14876
Removing support for AMQP queues by @escopecz in #14883
Upgrading to Symfony 7 by @escopecz in #14887
Remove Identify visitor by tracking url configuration setting by @kuzmany in #14974
Campaign import/export process by @levente999 in #14504 - this feature was funded by the NLNet Foundation.
Schedule sending for emails by @kuzmany in #14254
Projects - new way of grouping entities by @escopecz in #15002

Package Updates

[6.0.1]

Update mautic to 7.0.2
Full Changelog
Fix WebhookSubscriber "out of memory" issue. by @biozshock in #15881
Fix scheduling fields shown on edit page for segment emails by @matbcvo in #15914
Accept plugin updates for plugins where there are no Entity in the Pl by @biozshock in #15951
fix: Change detaching of leads and integration entities for Salesforce connection by @bastolen in #15948
Validate stronger the redirect URL for a form submit action by @kniziol in #15596
Fix regex operators on date fields causing DateTime parsing error by @matbcvo in #15986
Allow HTML in the Focus description field. by @biozshock in #16007
Fix removing filters from Email dynamic content. by @biozshock in #15953
https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
Fix save DWC form while WYSIWYG is in source code mode by @patrykgruszka in #15824

Package Updates

[6.1.0]

Update mautic to 7.1.1
Full Changelog
Fix include/exclude all operators for select fields by @patrykgruszka in #16012
If default_assetlimit is not set, use default_pagelimit parameter. by @biozshock in #16035
Contact timeline preview must use proper view. by @biozshock in #16034
Validate trusted hosts config variable. by @biozshock in #16006
Login throttling enabled by @fedys in #15651
S/MIME email signing by @escopecz in #15563
Optimistic locking for emails and pages by @fedys in #15774
Implement Message of the Day (MOTD) feature by @matbcvo in #15970
Prevent deletion of custom fields if they are in use by segments via API by @fedys in #15882
Prevent crash when campaign published time exceeds event interval by @escopecz in #15963

Package Updates

[6.1.1]

Cloudron Forum