Update v4.6.17 (#2650)

julitafalcondusza · julitafalcondusza · commit 4bc3033386dd · 2025-03-05T08:58:24.000+01:00
* Update v4.6.17

* Fix

* Link added
diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md
@@ -249,3 +249,27 @@ Then, verify that Symfony Flex installed the versions you were using before.
 ## v4.6.16
 
 No additional steps needed.
+
+## v4.6.17
+
+### Security
+
+This release contains security fixes.
+For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-001-vulnerabilities-in-shopping-cart-and-publish-unscheduling).
+For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected.
+If so, take appropriate action.
+
+#### CartOwner permission limitation exposes carts
+
+This fixes a critical vulnerability in the REST API regarding shopping carts.
+There are no additional update steps to execute.
+
+#### Unauthorized user can cancel scheduled publish events
+
+It fixes vulnerability in publish scheduling, ensures that `edit/create` policies are correctly checked.
+There are no additional update steps to execute.
+
+#### Dependency upgrades
+
+This release upgrades the requirements for [Twig to v3.19](https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr) and [PHPSpreadsheet to v1.29.9](https://github.com/PHPOffice/PhpSpreadsheet/security), resolving several vulnerabilities of varying severity in those dependencies.
+There are no additional update steps to execute.
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -932,7 +932,7 @@ extra:
   latest_tag_4_3: '4.3.5'
   latest_tag_4_4: '4.4.4'
   latest_tag_4_5: '4.5.7'
-  latest_tag_4_6: '4.6.16'
+  latest_tag_4_6: '4.6.17'
 
   symfony_doc: 'https://symfony.com/doc/5.x'
   user_doc: 'https://doc.ibexa.co/projects/userguide/en/master'
