Mautic 5.1.1

24 September 2024

Mautic version 5.1.1 is now available (security release).

What's New in Mautic 5.1.1

• CVE-2022-25768 - Improper access control in UI upgrade process - Reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc.
  
• CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasha in GHSA-xv68-rrmw-9xwf.
  
• CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7.
  
• CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2.
  
• CVE-2024-47059 - User enumeration through weak password login prompt - reported and fixed by @tomekkowalczyk and tested/reviewed by @escopecz and @patrykgruszka in GHSA-8vff-35qm-qjvv.
  
• CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruzska in GHSA-qf6m-6m4g-rmrc.
  

• DPMMA-1020 Fix search email with special characters in campaign action by @patrykgruszka in #10306
  
• Improve grammar for unhide by @RCheesley in #13835
  
• [UI] Hide profile picture if missing by @andersonjeccel in #13838
  
• FIX: Removes onConfigSave which invokes htmlspecialchars and escapes tracking script by @putzwasser in #13859
  
• Fix critical error in segment details by @Frettyl in #13862
  
• FIX: Makes anniversary date filter compatible with datetime by @putzwasser in #13871
  
• [UI] fix CSS flexbox broken in campaign insert clone view by @andersonjeccel in #13878
  
• Fix for update read_count in email entity. by @abhisekmazumdar in #13915
  
• Fix generatePageTitle to retrieve the correct page header tag. by @abhisekmazumdar in #13921
  
• fix [DPMMA-2661] mapped field form 5.1 by @tomekkowalczyk in #13938
  
• fix: attribution tooltip meaning by @andersonjeccel in #13943
  
• fix: focus item published by @andersonjeccel in #13944
  
• Fix: Create custom fields for lookup list. by @abhisekmazumdar in #13946
  
• Replace SVG avatar with PNG for Gravatar compatibility. by @abhisekmazumdar in #13956
  
• Fix typo in permission key for Mautic Social Bundle - Change "tweet" to "tweets" by @matbcvo in #13967
  
• DPMMA-2679 Fix: Letters disappear when searching for emails to send in Campaign Builder by @patrykgruszka in #14032
  
• [UI] Fix translation for dashboard widgets dropdown by @andersonjeccel in #14039
  
• Fix Encoding Issues with Special Characters in Segment Names by @PatrickJenkner in #14062