Learn how to report security issues - Read Ibexa's security policy - Check out our security blog posts - Security Reporters Hall of Fame
IBEXA-SA-2022-003: Symfony validation messages are not escaped
IBEXA-SA-2022-002: Vulnerability in node-sass
IBEXA-SA-2022-001: Image filenames sanitization
CVE-2021-44228: Log4j vulnerability
IBEXA-SA-2021-010: XSS in richtext custom tag attributes
IBEXA-SA-2021-009: Malicious code in NPM veged/coa
IBEXA-SA-2021-008: GraphQL authentication doesn't respect security config
IBEXA-SA-2021-007: JWT auth possible for disabled users. Username login handler can't be disabled.
IBEXA-SA-2021-006: Storage and legacy files accessible if path is known
IBEXA-SA-2021-005: Content object state fetch functions open to SQL injection
