Update from v4.6.x to v4.6.latest¶
Update the application¶
Note which version you actually have before starting.
First, run:
1 2 |
|
1 2 |
|
1 2 |
|
Then execute the instructions below starting from the version you're upgrading from.
v4.6.2¶
Database update¶
Run the following scripts:
1 |
|
1 |
|
v4.6.3¶
Notification config update¶
The configuration of the package ibexa/notifications
has changed.
This package is required by other packages, such as ibexa/connector-actito
for Transactional emails, ibexa/payment
, or ibexa/user
.
If you are customizing the configuration of the ibexa/notifications
package, and using SiteAccess aware configuration to change the Notification
subscriptions, you have to manually change your configuration by using the new node name notifier
instead of the old notifications
.
For example, the following v4.6.2 config:
1 2 3 4 5 6 7 8 |
|
becomes the following from v4.6.3:
1 2 3 4 5 6 7 8 |
|
v4.6.4¶
Database update¶
Run the following scripts:
1 |
|
1 |
|
v4.6.8¶
To avoid deprecations when updating from an older PHP version to PHP 8.2 or 8.3, run the following commands:
1 2 |
|
v4.6.9¶
No additional steps needed.
v4.6.10¶
No additional steps needed.
v4.6.11¶
Ibexa Cloud¶
Update Platform.sh configuration for PHP and Varnish.
Generate new configuration with the following command:
1 |
|
Review the changes applied to .platform.app.yaml
and .platform/
,
merge with your custom settings if needed, and commit them to Git.
v4.6.12¶
If the new bundle ibexa/core-search
has not been added by the recipes, enable it by adding the following line in config/bundles.php
:
1 |
|
v4.6.13¶
This release comes with a command to clean up duplicated entries in the ezcontentobject_attribute
table, which were created due to an issue described in IBX-8562.
If you're affected, remove the duplicated entries by running the following command:
1 |
|
Caution
Remember about proper database backup before running the command in the production environment.
You can customize the behavior of the command with the following options:
--batch-size
or-b
- number of attributes affected per iteration. Default value = 10000.--max-iterations
or-i
- maximum iterations count. Default value = -1 (unlimited).--sleep
or-s
- wait time between iterations, in milliseconds. Default value = 0.
v4.6.14¶
Security¶
This release contains security fixes. For more information, see the published security advisory. For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. If so, take appropriate action, for example by revoking passwords for all affected users.
BREACH vulnerability¶
The BREACH attack is a security vulnerability against HTTPS when using HTTP compression.
If you're using Varnish, update the VCL configuration to stop compressing both the Ibexa DXP's REST API and JSON responses from your backend. Fastly users are not affected.
Update Platform.sh configuration and scripts.
Generate new configuration with the following command:
1 |
|
Review the changes, merge with your custom settings if needed, and commit them to Git before deployment.
Update your Varnish VCL file to align it with the vendor/ibexa/http-cache/docs/varnish/vcl/varnish6.vcl
file.
Update your Varnish VCL file to align it with the vendor/ibexa/http-cache/docs/varnish/vcl/varnish7.vcl
file.
```
If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed Content-Type
in the web server configuration.
For more information, see the updated Apache and nginx template configuration.
XSS in Content name pattern¶
There are no additional update steps to execute.
Outdated version of jQuery in ibexa/commerce-shop package¶
Only users of the old Commerce solution are affected. There are no additional update steps to execute.
Other changes¶
Disable translations of identifiers in Product Catalog's categories¶
The possibility of translating identifiers and parent information for the Categories in Product Catalog might lead to data consistency issues.
Disable it by running the following migration:
1 2 |
|
Update web server configuration¶
Adjust the web server configuration to prevent direct access to the index.php
file when using URLs consisting of multiple path segments.
See the updated Apache and nginx template files for more information.