Merope Edition 5.2.3 Switch to the latest release
Published on: 26/02/2025
Last update: 13/05/2025
Announcing Mautic 5.2.3: Merope Edition
πSecurity release
This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
What's Changed
π Security fixes
- CVE-2024-47053 - Improper Authorization in Reporting API - Reported by @putzwasser, fixed by @lenonleite and tested/reviwed by @escopecz and @patrykgruszka in GHSA-8xv7-g2q3-fqgc
- CVE-2022-25773 - Relative Path Traversal in assets file upload - Reported by @majkelstick and @patrykgruszka, fixed by @patrykgruszka and tested/reviewed by @escopecz and @lenonleite in GHSA-4w2w-36vm-c8hf
- CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads - Reported by @mallo-m, fixed by @lenonleite and tested/reviewed by @patrykgruszka in GHSA-73gx-x7r9-77x2
π Bugs
π Campaigns
- Duplicate title on campaign source change by @Hugo-Prossaird in #14615
π CKEditor
π Dashboard
π Email
- DPMMA-3031 Configurable email address length limit to prevent delivery issues by @patrykgruszka in #14577
- Email click tracking fix, PHP warning fix by @escopecz in #14540
- fix: Email preview now works again even if unpublished or expired by @driskell in #14525
- Check permission on original entity for email cloning. by @mallezie in #14580
- DPMMA-2957 Prevent ORM error when sending multiple messages to one Lead by @patrykgruszka in #14247
π Focus items
- Focus Builder placeholder overlaps the modal preview by @Hugo-Prossaird in #14568
π Forms
- fix: too much padding for select input with form-control class by @Hugo-Prossaird in #14569
- FIX: Ignoring of custom option list for mapped fields (#14117) by @abhisekmazumdar in #14560
π Segments
π¨ User experience / user interface
- [UI] Move Help to top navbar-right by @andersonjeccel in #14582
- Point Trigger edit and delete buttons are not visible #14412 by @rishithreddy89 in #14617
πͺ΅ Full Changelog
Full Changelog: 5.2.2...5.2.3