Mautic 5.2.3

25 February 2025

Mautic version 5.2.3 is now available (security release).

What's New in Mautic 5.2.3

• CVE-2024-47053 - Improper Authorization in Reporting API - Reported by @putzwasser, fixed by @lenonleite and tested/reviwed by @escopecz and @patrykgruszka in GHSA-8xv7-g2q3-fqgc
  
• CVE-2022-25773 - Relative Path Traversal in assets file upload - Reported by @majkelstick and @patrykgruszka, fixed by @patrykgruszka and tested/reviewed by @escopecz and @lenonleite in GHSA-4w2w-36vm-c8hf
  
• CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads - Reported by @mallo-m, fixed by @lenonleite and tested/reviewed by @patrykgruszka in GHSA-73gx-x7r9-77x2
  

• Duplicate title on campaign source change by @Hugo-Prossaird in #14615
  
• fix: Fix font selection in CKEditor not including fallback fonts in output by @driskell in #14539
  
• Fixing the audit log widget when a contact is deleted by @escopecz in #14541
  
• DPMMA-3031 Configurable email address length limit to prevent delivery issues by @patrykgruszka in #14577
  
• Email click tracking fix, PHP warning fix by @escopecz in #14540
  
• fix: Email preview now works again even if unpublished or expired by @driskell in #14525
  
• Check permission on original entity for email cloning. by @mallezie in #14580
  
• DPMMA-2957 Prevent ORM error when sending multiple messages to one Lead by @patrykgruszka in #14247
  
• Focus Builder placeholder overlaps the modal preview by @Hugo-Prossaird in #14568
  
• fix: too much padding for select input with form-control class by @Hugo-Prossaird in #14569
  
• FIX: Ignoring of custom option list for mapped fields (#14117) by @abhisekmazumdar in #14560
  
• Fixing segment building with default timezone by @escopecz in #14549
  
• [UI] Move Help to top navbar-right by @andersonjeccel in #14582
  
• Point Trigger edit and delete buttons are not visible #14412 by @rishithreddy89 in #14617