Alexander Schranz
Core Developer – Sulu GmbH
Core developer and support king. So dedicated to his work that we couldn't find a hobby to mention.
@alex_s_

Sulu Release 2.4.14 & 2.5.10 (Security release)

We're happy to bring you two new versions of Sulu: 2.4.14 and 2.5.10! These updates bring a number of fixes and improvements to Sulu. They also include a security fix.

Security Patch for Sulu 2.5 and Symfony 6

Support for Symfony 6 required a change in the handling of login inside Symfony, and that change caused a different exception to be thrown when the password didn't match but the user still existed. This made it possible to find out whether a specific username or email address existed in the system. This release fixes that security bug. Thanks to s23hck, who reported this over the official security channel.

Sulu versions using 2.4 are not affected by this security vulnerability.
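
The enumeration issue described above, as an added example that is not Sulu's or Symfony's code: the exception classes, handlers and user store are hypothetical stand-ins. It contrasts a failure handler that responds per exception type with one that collapses every failure into a single response, and adds a regression check that both failure cases are indistinguishable in status and body.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins for a framework's authentication exceptions,
// defined locally so the example runs without Symfony or Sulu.
class AuthFailure extends RuntimeException {}
class UnknownUser extends AuthFailure {}
class WrongPassword extends AuthFailure {}

function authenticate(array $users, string $name, string $password): void
{
    if (!isset($users[$name])) {
        throw new UnknownUser(sprintf('User "%s" not found.', $name));
    }
    if (!password_verify($password, $users[$name])) {
        throw new WrongPassword('Invalid credentials.');
    }
}

function loginResponse(callable $onFailure, array $users, string $name, string $password): array
{
    try {
        authenticate($users, $name, $password);
        return ['status' => 200, 'body' => 'OK'];
    } catch (AuthFailure $e) {
        return $onFailure($e);
    }
}

// Regression check: a failed login must look the same whether or not the account exists.
function leaksExistence(callable $onFailure, array $users): bool
{
    $existing = loginResponse($onFailure, $users, 'admin', 'wrong-password');
    $missing = loginResponse($onFailure, $users, 'nobody', 'wrong-password');
    return $existing !== $missing;
}

// Leaky: the response depends on which exception was thrown.
$leaky = fn (AuthFailure $e): array => ['status' => $e instanceof UnknownUser ? 404 : 401, 'body' => $e->getMessage()];
// Uniform: every authentication failure collapses to one response.
$uniform = fn (AuthFailure $e): array => ['status' => 401, 'body' => 'Invalid credentials.'];

// Constructed sample data: a single account named "admin".
$users = ['admin' => password_hash('correct horse', PASSWORD_DEFAULT)];
foreach (['leaky' => $leaky, 'uniform' => $uniform] as $label => $handler) {
    printf("%s handler leaks account existence: %s\n", $label, leaksExistence($handler, $users) ? 'yes' : 'no');
}
```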

Conflicting Doctrine/ORM 2.16.0

The current Doctrine/ORM version is chosen because of backwards compatibility issues with Sulu. The Doctrine team is already working on fixes for it. Until then, Sulu developers who are not updating to 2.4.14 or 2.5.10 need to configure their composer.json file for Doctrine/ORM 2.16.0.

Another Doctrine-related issue is a change inside the stof extension bundle, which now requires configuring a cache.

# Read the documentation: https://symfony.com/doc/current/bundles/StofDoctrineExtensionsBundle/index.html
# See the official DoctrineExtensions documentation for more details: https://github.com/doctrine-extensions/DoctrineExtensions/tree/main/doc
stof_doctrine_extensions:
    default_locale: '%default_locale%'

when@prod: &prod
    stof_doctrine_extensions:
        # fix issue with gedmo/extensions 1.8.0 and stof/doctrine-extensions-bundle: 3.12.0
        # @see https://github.com/stof/StofDoctrineExtensionsBundle/issues/457
        metadata_cache_pool: doctrine.system_cache_pool

when@stage: *prod

Improvements

Thanks to contributors mamazu, rs2487, maikrosenthal, and Jupi007 for their external contributions, which have improved and fixed various issues. The full changelog can be found here.

What is coming next?

Currently, we are not only working on version 2.6, but also continuing to polish more bundles. We want to release the SuluCommentBundle and bring Symfony 6 compatibility to the SuluCommunityBundle, and we're planning another bug fix release for the SuluFormBundle.

We are happy to hear your feedback about newly released features and bug fixes. Feel free to create an issue or a discussion on GitHub for bugs and feature requests. You can also contact us via Slack or our website anytime.