Learn how to report security issues - Read Ibexa's security policy - Check out our security blog posts
IBEXA-SA-2024-005: Persistent XSS in RichText
IBEXA-SA-2024-004: DOM-based XSS in file upload
IBEXA-SA-2024-003: Vulnerability in image-optimizer dependency
IBEXA-SA-2024-002: File validation and workflow stages
IBEXA-SA-2024-001: Taxonomy Tree Controller fails to check permissions
IBEXA-SA-2023-006: Vulnerabilities in Symfony 5.4
IBEXA-SA-2023-005: Vulnerabilities in Solr search and file downloads
IBEXA-SA-2023-004: Unauthenticated deletion in recommendation engine
IBEXA-SA-2023-003: Path traversal vulnerability in Moment.js
IBEXA-SA-2023-002: User Settings are accessible on the front-end for the anonymous user
