Did you miss the Ibexa Summit? Experience it as if you were there — watch all the replays now!

Security Advisories

Learn how to report security issues - Read Ibexa's security policy - Check out our security blog posts - Security Reporters Hall of Fame

 

IBEXA-SA-2023-004: Unauthenticated deletion in recommendation engine

IBEXA-SA-2023-003: Path traversal vulnerability in Moment.js

IBEXA-SA-2023-002: User Settings are accessible on the front-end for the anonymous user

IBEXA-SA-2023-001: Symfony vulnerabilities - Session cookie leak, CSRF token fixation

IBEXA-SA-2022-009: Critical vulnerabilities in GraphQL, role assignment, CT editing, and drafts tooltips

IBEXA-SA-2022-008: The policy "taxonomy/assign" has no effect

IBEXA-SA-2022-007: Vulnerabilities in jQuery, Vue dependencies

IBEXA-SA-2022-006: Vulnerabilities in Page Builder, login, and Commerce

IBEXA-SA-2022-005: Vulnerabilities in Axios dependency

IBEXA-SA-2022-004: Ineffective object state limitation and Unauthenticated Fastly purge