Mautic 5.1.1: Alpheratz Edition
🔒 Security release
This release bumps some of our dependencies and also addresses several security issues. Please update at your earliest convenience, after taking a backup and confirming that the backup works.
What's Changed
🔒 Security fixes
- CVE-2022-25768 - Improper access control in UI upgrade process - reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc.
- CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasha in GHSA-xv68-rrmw-9xwf.
- CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7.
- CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2.
- CVE-2024-47059 - User enumeration through weak password login prompt - reported and fixed by @tomekkowalczyk and tested/reviewed by @escopecz and @patrykgruszka in GHSA-8vff-35qm-qjvv.
- CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruszka in GHSA-qf6m-6m4g-rmrc.
- Twig library update by @escopecz in #1411
🐛 Bugs
- DPMMA-1020 Fix search email with special characters in campaign action by @patrykgruszka in #10306
- Improve grammar for unhide by @RCheesley in #13835
- [UI] Hide profile picture if missing by @andersonjeccel in #13838
- FIX: Removes onConfigSave which invokes htmlspecialchars and escapes tracking script by @putzwasser in #13859
- Fix critical error in segment details by @Frettyl in #13862
- FIX: Makes anniversary date filter compatible with datetime by @putzwasser in #13871
- [UI] fix CSS flexbox broken in campaign insert clone view by @andersonjeccel in #13878
- Fix for update read_count in email entity. by @abhisekmazumdar in #13915
- Fix generatePageTitle to retrieve the correct page header tag. by @abhisekmazumdar in #13921
- fix [DPMMA-2661] mapped field form 5.1 by @tomekkowalczyk in #13938
- fix: attribution tooltip meaning by @andersonjeccel in #13943
- fix: focus item published by @andersonjeccel in #13944
- Fix: Create custom fields for lookup list. by @abhisekmazumdar in #13946
- Replace SVG avatar with PNG for Gravatar compatibility. by @abhisekmazumdar in #13956
- Fix typo in permission key for Mautic Social Bundle - Change "tweet" to "tweets" by @matbcvo in #13967
- DPMMA-2679 Fix: Letters disappear when searching for emails to send in Campaign Builder by @patrykgruszka in #14032
- [UI] Fix translation for dashboard widgets dropdown by @andersonjeccel in #14039
- Fix Encoding Issues with Special Characters in Segment Names by @PatrickJenkner in #14062
💖 New Contributors
- @Frettyl made their first contribution in #13862
- @hugoprossaird made their first contribution in #13768
- @matbcvo made their first contribution in #13967
🪵 Changelog
Full Changelog: 5.1.0...5.1.1
SHA1(5.1.1.zip)= 88901830aee7a4770dccdaeff4ea76723dabdefb
SHA1(5.1.1-update.zip)= 6654537b692976c9d49b499fa6c326b2b6d4eeff