Merge commit from fork

* Update doc for 3.3.42 and 4.6.19

* Before initial review fixes

* Review fixes

* Bumped latest tag

* Changed the format of Rector commands

* Apply suggestions from code review

Co-authored-by: Gunnstein Lye <[email protected]>

* Review fixes

* Removed rector info

---------

Co-authored-by: Gunnstein Lye <[email protected]>

Author: mnocon

docs/update_and_migration/from_3.3/update_from_3.3.md

@@ -512,6 +512,31 @@ Adjust the web server configuration to prevent direct access to the `index.php`
 
 See [the updated Apache and nginx template files](https://github.com/ibexa/post-install/pull/70/files) for more information.
 
+#### Removed `symfony/serializer-pack` dependency
+
+This release no longer directly requires the `symfony/serializer-pack` Composer dependency, which can remove some dependencies from your project during the update process.
+
+If you rely on them in your project, for example by using Symfony's `ObjectNormalizer` to create your own REST endpoints, run the following command before updating [[= product_name_base =]] packages:
+
+``` bash
+composer require symfony/serializer-pack
+```
+
+Then, verify that Symfony Flex installed the versions you were using before.
+
+### v3.3.42
+
+#### Security
+
+This release fixes a critical vulnerability in the [RichText field type](richtextfield.md).
+By entering a maliciously crafted input into the RichText field type's XML, the attacker could perform an attack using [XML external entity (XXE) injection](https://portswigger.net/web-security/xxe).
+To exploit this vulnerability, an attacker would need to have edit permission to content with RichText fields.
+
+For more information, see the [published security advisory IBEXA-SA-2025-002](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-002-xxe-vulnerability-in-richtext).
+
+Evaluate the vulnerability to determine whether you might have been affected.
+If so, take appropriate action.
+There are no additional update steps to execute.
 
 ## Finish the update
 

docs/update_and_migration/from_4.6/update_from_4.6.md

@@ -276,4 +276,18 @@ There are no additional update steps to execute.
 
 ## v4.6.18
 
-No additional steps needed.
+No additional steps needed.
+
+## v4.6.19
+
+### Security
+
+This release fixes a critical vulnerability in the [RichText field type](richtextfield.md).
+By entering a maliciously crafted input into the RichText field type's XML, the attacker could perform an attack using [XML external entity (XXE) injection](https://portswigger.net/web-security/xxe). 
+To exploit this vulnerability, an attacker would need to have edit permission to content with RichText fields.
+
+For more information, see the [published security advisory IBEXA-SA-2025-002](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-002-xxe-vulnerability-in-richtext).
+
+Evaluate the vulnerability to determine whether you might have been affected.
+If so, take appropriate action.
+There are no additional update steps to execute.

mkdocs.yml

@@ -697,14 +697,14 @@ extra:
 
   # Global variables - latest tag versions
   latest_tag_2_5: '2.5.32'
-  latest_tag_3_3: '3.3.41'
+  latest_tag_3_3: '3.3.42'
   latest_tag_4_0: '4.0.8'
   latest_tag_4_1: '4.1.5'
   latest_tag_4_2: '4.2.4'
   latest_tag_4_3: '4.3.5'
   latest_tag_4_4: '4.4.4'
   latest_tag_4_5: '4.5.7'
-  latest_tag_4_6: '4.6.18'
+  latest_tag_4_6: '4.6.19'
 
   symfony_doc: 'https://symfony.com/doc/5.x'
   user_doc: 'https://doc.ibexa.co/projects/userguide/en/3.3'