Learn how to report security issues - Read Ibexa's security policy - Check out our security blog posts
IBEXA-SA-2022-005: Vulnerabilities in Axios dependency
IBEXA-SA-2022-004: Ineffective object state limitation and Unauthenticated Fastly purge
IBEXA-SA-2022-003: Symfony validation messages are not escaped
IBEXA-SA-2022-002: Vulnerability in node-sass
IBEXA-SA-2022-001: Image filenames sanitization
CVE-2021-44228: Log4j vulnerability
IBEXA-SA-2021-010: XSS in richtext custom tag attributes
IBEXA-SA-2021-009: Malicious code in NPM veged/coa
IBEXA-SA-2021-008: GraphQL authentication doesn't respect security config
IBEXA-SA-2021-007: JWT auth possible for disabled users. Username login handler can't be disabled.