EZSA-2020-005: Editor XSS, and trashed drafts in review queue
EZSA-2020-004: Object Injection in SiteAccessMatchListener
EZSA-2020-003: XSS in DemoBundle/ezdemo bundled VideoJS
EZSA-2020-002: Unauthorised cache purge with misconfigured Fastly
EZSA-2020-001: Remote code execution in file uploads
EZSA-2019-008: Remote code execution in PHP-FPM
EZSA-2019-007: Prevent accepting app.php in URL in Platform.sh
EZSA-2019-006: Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
EZSA-2019-004: CSRF token in login form is disabled by default