From 040cdad8bf3358388b6bd42b3cebb55e28d75c82 Mon Sep 17 00:00:00 2001 From: julitafalcondusza Date: Mon, 3 Mar 2025 14:55:44 +0100 Subject: [PATCH 1/3] Update v4.6.17 --- .../from_4.6/update_from_4.6.md | 24 +++++++++++++++++++ mkdocs.yml | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md index c7e4898c65..b68225dae8 100644 --- a/docs/update_and_migration/from_4.6/update_from_4.6.md +++ b/docs/update_and_migration/from_4.6/update_from_4.6.md @@ -249,3 +249,27 @@ Then, verify that Symfony Flex installed the versions you were using before. ## v4.6.16 No additional steps needed. + +## v4.6.17 + +### Security + +This release contains security fixes. +For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-001-vulnerabilities-). +For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. +If so, take appropriate action. + +#### CartOwner permission limitation exposes carts + +This fixes a critical vulnerability in the REST API regarding shopping carts. +There are no additional update steps to execute. + +#### Unauthorized user can cancel scheduled publish events + +It fixes vulnerability in publish scheduling, ensures that `edit/create` policies are correctly checked. +There are no additional update steps to execute. + +#### Dependency upgrades + +This release upgrades the requirements for Twig to v3.19 and PHPSpreadsheet to v1.29.9, resolving several vulnerabilities of varying severity in those dependencies. +There are no additional update steps to execute. diff --git a/mkdocs.yml b/mkdocs.yml index d9219759ec..217caa280a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -933,7 +933,7 @@ extra: latest_tag_4_3: '4.3.5' latest_tag_4_4: '4.4.4' latest_tag_4_5: '4.5.7' - latest_tag_4_6: '4.6.16' + latest_tag_4_6: '4.6.17' symfony_doc: 'https://symfony.com/doc/5.x' user_doc: 'https://doc.ibexa.co/projects/userguide/en/master' From d022e94da2e486b145b5a97a2934040389dfa5a9 Mon Sep 17 00:00:00 2001 From: julitafalcondusza Date: Tue, 4 Mar 2025 15:12:52 +0100 Subject: [PATCH 2/3] Fix --- docs/update_and_migration/from_4.6/update_from_4.6.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md index b68225dae8..10ef5d49f9 100644 --- a/docs/update_and_migration/from_4.6/update_from_4.6.md +++ b/docs/update_and_migration/from_4.6/update_from_4.6.md @@ -271,5 +271,5 @@ There are no additional update steps to execute. #### Dependency upgrades -This release upgrades the requirements for Twig to v3.19 and PHPSpreadsheet to v1.29.9, resolving several vulnerabilities of varying severity in those dependencies. -There are no additional update steps to execute. +This release upgrades the requirements for [Twig to v3.19](https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr) and [PHPSpreadsheet to v1.29.9](https://github.com/PHPOffice/PhpSpreadsheet/security), resolving several vulnerabilities of varying severity in those dependencies. +There are no additional update steps to execute. \ No newline at end of file From e1e2df6b8d132d3b401721393ba85b6125948b52 Mon Sep 17 00:00:00 2001 From: julitafalcondusza Date: Wed, 5 Mar 2025 07:19:28 +0100 Subject: [PATCH 3/3] Link added --- docs/update_and_migration/from_4.6/update_from_4.6.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md index 10ef5d49f9..784e5b336d 100644 --- a/docs/update_and_migration/from_4.6/update_from_4.6.md 
+++ b/docs/update_and_migration/from_4.6/update_from_4.6.md @@ -255,7 +255,7 @@ No additional steps needed. ### Security This release contains security fixes. -For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-001-vulnerabilities-). +For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-001-vulnerabilities-in-shopping-cart-and-publish-unscheduling). For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. If so, take appropriate action.
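Review bot: In PATCH 1/3, under "#### Unauthorized user can cancel scheduled publish events", the sentence "It fixes vulnerability in publish scheduling, ensures that `edit/create` policies are correctly checked." is a comma splice with a missing article, and `edit/create` reads as a single policy identifier. Suggest "This fixes a vulnerability in publish scheduling and ensures that the edit and create policies are correctly checked.", which also matches the "This fixes a critical vulnerability..." wording in the CartOwner paragraph. The intro to the same hunk tells readers to "evaluate the vulnerability to determine whether you might have been affected", but neither subsection says which setups are exposed or what to look for. One sentence per fix on who is affected (for the first one, presumably roles that rely on the CartOwner limitation) would make that instruction actionable.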
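Review bot: In PATCH 2/3, under "#### Dependency upgrades", the two new links are inconsistent. The Twig link targets one specific advisory (GHSA-3xg3-cgvq-2xwr), while the PHPSpreadsheet link targets the repository's general security page, and the sentence still says "several vulnerabilities of varying severity". A reader cannot tell which PHPSpreadsheet advisories v1.29.9 resolves. Either link the specific advisories or word the link so it is clear that it leads to the advisory list. The link text "Twig to v3.19" also suggests release notes rather than an advisory; putting the link on the word "vulnerabilities" or on a separate "see advisory" phrase would be clearer. The final line of the hunk also drops the trailing newline (`\ No newline at end of file`), which should be restored.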
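Review bot: PATCH 3/3 only completes the advisory URL that PATCH 1/3 added in truncated form (ending in "ibexa-sa-2025-001-vulnerabilities-"), so the first two commits carry a dead link in the "### Security" section. Squash this change into PATCH 1/3 so that no commit in the series ships the broken URL. The subject "Link added" is also inaccurate, since the link already existed and is being corrected.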