New
Mautic Community 5.2.9
Announcing Mautic 5.2.9: Sterope Edition
🔒Security release
This release addresses several security issues. Please update at your earliest convenience after taking a backup and ensuring that it's working.
🔒Security fixes
- https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x - CVE-2025-13828 Fixed privilege escalation vulnerability in Marketplace - Reported and fixed by @driskell, reviewed by @escopecz and @patrykgruszka.
- https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp - CVE-2025-13827 Fixed file upload restriction bypass in GrapesJsBuilder - Reported and fixed by @driskell, reviewed by @escopecz and @patrykgruszka.
🐛 Bugs
⬆️ Dependencies
- Bump guzzlehttp/oauth-subscriber to 0.8.1 (5.2) by @patrykgruszka in https://github.com/mautic/mautic/pull/15677
- Update JS dependencies for M5 by @patrykgruszka in https://github.com/mautic/mautic/pull/15665
- Upgrading dependencies for Mautic v5.2 by @Moongazer in https://github.com/mautic/mautic/pull/15656
🤖 DevOps
- Use lightweight Debian base image for devcontainer [5.2] by @matbcvo in https://github.com/mautic/mautic/pull/15561
- Add support to run DDEV on GitHub Codespaces by @adiati98 in https://github.com/mautic/mautic/pull/15515
SHA1(5.2.9.zip)= b32e60e866278fccdc25aeb1f865904777df09e9 SHA1(5.2.9-update.zip)= 8fd3708c9b85ef14c812e796f5f1dc42903aafc6