Security advisory: IBEXA-SA-2022-008

The policy "taxonomy/assign" has no effect
Publication date: 07/10/2022, 16:03


Affected versions: ibexa/taxonomy v4.2.*
Resolving versions: ibexa/taxonomy v4.2.2

This vulnerability affects taxonomy in Ibexa Content, Experience and Commerce v4.2. Content items can be assigned to tags even if the user does not have the "taxonomy/assign" policy. The fix ensures that the policy is enforced as it should be. It is included in Ibexa Content, Experience and Commerce v4.2.2, which were released today.

Have you found a security bug in Ibexa DXP? See how to report it responsibly here:
