Alnitak Edition 6.0.2
Published on: 16/06/2025
Announcing Mautic 6.0.2: Alnitak Edition
🔒Security release
This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
🔒Security fixes
- CVE-2025-5257 - Predictable Page Indexing Might Lead to Sensitive Data Exposure - Reported and fixed by @lenonleite and tested/reviewed by @escopecz and @kuzmany in GHSA-cqx4-9vqf-q3m8
- CVE-2024-47056 - Mautic does not shield .env files from web traffic - Reported by @r3ky, analyzed by @lenonleite, fixed by @nick-vanpraet and tested/reviewed by @patrykgruszka in GHSA-h2wg-v8wg-jhxh
- CVE-2024-47057 - User name enumeration possible due to response time difference on password reset form - Reported and fixed by @tomekkowalczyk and reviewed by @patrykgruszka and @nick-vanpraet in GHSA-424x-cxvh-wq9p
- CVE-2024-47055 - Segment cloning doesn't have a proper permission check - Reported and fixed by @abhisekmazumdar and @nick-vanpraet and tested/reviewed by @patrykgruszka in GHSA-vph5-ghq3-q782
- CVE-2025-5256 - Open Redirect vulnerability on user unlock path - Reported and fixed by @tomekkowalczyk, tested/reviewed by @patrykgruszka and @nick-vanpraet in GHSA-6vx9-9r2g-8373
What's Changed
🐛 Bugs
🔄 Dynamic Content
- fix #14449: Dynamic Content in emails - not all variants visible in editor by @Krishu0765 in #14966
🪵 Full Changelog
SHA1(6.0.2.zip)= 72d03b92a7cada7ccb0842dc0e8e8888f15710b1
SHA1(6.0.2-update.zip)= 138a798979749ec50c24eeebdebfd0c15d7c8b9c