Skip to content

Update from v4.6.x to v4.6.latest

Update the application

Note which version you actually have before starting.

First, run:

1
2
composer require ibexa/headless:4.6.14 --with-all-dependencies --no-scripts
composer recipes:install ibexa/headless --force -v
1
2
composer require ibexa/experience:4.6.14 --with-all-dependencies --no-scripts
composer recipes:install ibexa/experience --force -v
1
2
composer require ibexa/commerce:4.6.14 --with-all-dependencies --no-scripts
composer recipes:install ibexa/commerce --force -v

Then execute the instructions below starting from the version you're upgrading from.

v4.6.2

Database update

Run the following scripts:

1
mysql -u <username> -p <password> <database_name> < vendor/ibexa/installer/upgrade/db/mysql/ibexa-4.6.1-to-4.6.2.sql
1
psql <database_name> < vendor/ibexa/installer/upgrade/db/postgresql/ibexa-4.6.1-to-4.6.2.sql

v4.6.3

Notification config update

The configuration of the package ibexa/notifications has changed. This package is required by other packages, such as ibexa/connector-actito for Transactional emails, ibexa/payment, or ibexa/user.

If you are customizing the configuration of the ibexa/notifications package, and using SiteAccess aware configuration to change the Notification subscriptions, you have to manually change your configuration by using the new node name notifier instead of the old notifications.

For example, the following v4.6.2 config:

1
2
3
4
5
6
7
8
ibexa:
    system:
        my_siteacces_name:
            notifications: # old
                subscriptions:
                    Ibexa\Contracts\Shipping\Notification\ShipmentStatusChange:
                        channels:
                            - sms

becomes the following from v4.6.3:

1
2
3
4
5
6
7
8
ibexa:
    system:
        my_siteacces_name:
            notifier: # new
                subscriptions:
                    Ibexa\Contracts\Shipping\Notification\ShipmentStatusChange:
                        channels:
                            - sms

v4.6.4

Database update

Run the following scripts:

1
mysql -u <username> -p <password> <database_name> < vendor/ibexa/installer/upgrade/db/mysql/ibexa-4.6.3-to-4.6.4.sql
1
psql <database_name> < vendor/ibexa/installer/upgrade/db/postgresql/ibexa-4.6.3-to-4.6.4.sql

v4.6.8

To avoid deprecations when updating from an older PHP version to PHP 8.2 or 8.3, run the following commands:

1
2
composer config extra.runtime.error_handler "\\Ibexa\\Contracts\\Core\\MVC\\Symfony\\ErrorHandler\\Php82HideDeprecationsErrorHandler"
composer dump-autoload

v4.6.9

No additional steps needed.

v4.6.10

No additional steps needed.

v4.6.11

Ibexa Cloud

Update Platform.sh configuration for PHP and Varnish.

Generate new configuration with the following command:

1
composer ibexa:setup --platformsh

Review the changes applied to .platform.app.yaml and .platform/, merge with your custom settings if needed, and commit them to Git.

v4.6.12

If the new bundle ibexa/core-search has not been added by the recipes, enable it by adding the following line in config/bundles.php:

1
    Ibexa\Bundle\CoreSearch\IbexaCoreSearchBundle::class => ['all' => true],

v4.6.13

This release comes with a command to clean up duplicated entries in the ezcontentobject_attribute table, which were created due to an issue described in IBX-8562.

If you're affected, remove the duplicated entries by running the following command:

1
php bin/console ibexa:content:remove-duplicate-fields

Caution

Remember about proper database backup before running the command in the production environment.

You can customize the behavior of the command with the following options:

  • --batch-size or -b - number of attributes affected per iteration. Default value = 10000.
  • --max-iterations or -i - maximum iterations count. Default value = -1 (unlimited).
  • --sleep or -s - wait time between iterations, in milliseconds. Default value = 0.

v4.6.14

Security

This release contains security fixes. For more information, see the published security advisory. For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. If so, take appropriate action, for example by revoking passwords for all affected users.

BREACH vulnerability

The BREACH attack is a security vulnerability against HTTPS when using HTTP compression.

If you're using Varnish, update the VCL configuration to stop compressing both the Ibexa DXP's REST API and JSON responses from your backend. Fastly users are not affected.

Update Platform.sh configuration and scripts.

Generate new configuration with the following command:

1
composer ibexa:setup --platformsh

Review the changes, merge with your custom settings if needed, and commit them to Git before deployment.

Update your Varnish VCL file to align it with the vendor/ibexa/http-cache/docs/varnish/vcl/varnish6.vcl file.

Update your Varnish VCL file to align it with the vendor/ibexa/http-cache/docs/varnish/vcl/varnish7.vcl file. ```

If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed Content-Type in the web server configuration. For more information, see the updated Apache and nginx template configuration.

XSS in Content name pattern

There are no additional update steps to execute.

Outdated version of jQuery in ibexa/commerce-shop package

Only users of the old Commerce solution are affected. There are no additional update steps to execute.

Other changes

Disable translations of identifiers in Product Catalog's categories

The possibility of translating identifiers and parent information for the Categories in Product Catalog might lead to data consistency issues.

Disable it by running the following migration:

1
2
php bin/console ibexa:migrations:import vendor/ibexa/product-catalog/src/bundle/Resources/migrations/2024_07_25_07_00_non_translatable_product_categories.yaml --name=2024_07_25_07_00_non_translatable_product_categories.yaml
php bin/console ibexa:migrations:migrate --file=2024_07_25_07_00_non_translatable_product_categories.yaml

Update web server configuration

Adjust the web server configuration to prevent direct access to the index.php file when using URLs consisting of multiple path segments.

See the updated Apache and nginx template files for more information.