Mautic 5.0.4

11 April 2024

Mautic version 5.0.4 is now available (security release).

What's New in Mautic 5.0.4

• CVE-2021-27915 - XSS Cross-site Scripting Stored in Description field - GHSA-2rc5-2755-v422
  
• CVE-2022-25774 - XSS in Notifications via saving Dashboards - GHSA-fhcx-f7jg-jx3f
  
• CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in GrapesJS builder - GHSA-9fcx-cv56-w58p
  
• CVE-2022-25775 - SQL Injection in dynamic Reports - GHSA-jj6w-2cqg-7p94
  
• CVE-2022-25776 - Sensitive Data Exposure due to inadequate user permission settings - GHSA-qjx3-2g35-6hv8
  
• CVE-2022-25777 - Server-Side Request Forgery in Asset section - GHSA-mgv8-w49f-822w
  

• Use object's timezone when comparing with 'now' in DateTimeHelper by @patrykgruszka in #13320
  
• Fix form api create without post action parameter by @kuzmany in #13410
  
• Fix Autowiring Dependency for PushToIntegrationTrait by @patrykgruszka in #13470
  
• Fix for Grapesjs-Mjml self-closing tag issue by @patrykgruszka in #13431
  
• The API defines Contacts not Contact causing the API to not receive the correct mapping by @mallezie in #13208
  
• Add memory limit to run test maria db by @lenonleite in #13622