From abb49a1be91386f083b3987904975ef5ca20d830 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Noco=C5=84?=
Date: Thu, 28 Nov 2024 17:10:48 +0100
Subject: [PATCH] Update doc for 4.6.14 and 3.3.41 (#2553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Updated 3.3 and 4.6 release variables

* Added update instructions

* Fixed headings

* Formatting fixes

* Added mention about Apache and Nginx

* Heading changes

* Fixed Varnish link

* Reworded lack of update steps

* Update docs/update_and_migration/from_3.3/update_from_3.3.md

Co-authored-by: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com>

* Review: added BREACH explanation and mentioned another webserver template change

* Apply suggestions from code review

Co-authored-by: Tomasz Dąbrowski <64841871+dabrt@users.noreply.github.com>

* Applied review suggestions and added advisory links

* Fixed typo

* Review fixes - Content-Type, EOL space, command description fixed for 4.6

* Command fixes

---------

Co-authored-by: Adrien Dupuis <61695653+adriendupuis@users.noreply.github.com>
Co-authored-by: Tomasz Dąbrowski <64841871+dabrt@users.noreply.github.com>
---
 .../from_3.3/update_from_3.3.md | 74 +++++++++++++++++-
 .../from_4.6/update_from_4.6.md | 78 +++++++++++++++++--
 mkdocs.yml | 4 +-
 3 files changed, 148 insertions(+), 8 deletions(-)

diff --git a/docs/update_and_migration/from_3.3/update_from_3.3.md b/docs/update_and_migration/from_3.3/update_from_3.3.md
index 392548087c..c6212cc9d5 100644
--- a/docs/update_and_migration/from_3.3/update_from_3.3.md
+++ b/docs/update_and_migration/from_3.3/update_from_3.3.md
@@ -441,7 +441,79 @@ Run the following scripts: ### v3.3.40 -A command to deal with duplicated database entries, as reported in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562), will be available soon. +No additional steps needed. + +### v3.3.41 + +#### Security + +This release contains security fixes. +For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates). +For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. +If so, take appropriate action, for example by [revoking passwords](https://doc.ibexa.co/en/latest/users/passwords/#revoking-passwords) for all affected users. + +##### BREACH vulnerability + +The [BREACH](https://www.breachattack.com/) attack is a security vulnerability against HTTPS when using HTTP compression. + +If you're using Varnish, update the VCL configuration to stop compressing both the [[= product_name =]]'s REST API and JSON responses from your backend. +Fastly users are not affected. + +=== "Varnish on [[= product_name_cloud =]]" + + Update the Varnish configuration. + + Generate new configuration with the following command: + + ```bash + composer ibexa:setup --platformsh + ``` + + Review the changes, merge with your custom settings if needed, and commit them to Git before deployment. + +=== "Varnish 6" + + Update your Varnish VCL file to align it with the [`vendor/ezsystems/ezplatform-http-cache/docs/varnish/vcl/varnish5.vcl`](https://github.com/ezsystems/ezplatform-http-cache/blob/2.3/docs/varnish/vcl/varnish5.vcl) file. + +=== "Varnish 7" + + Update your Varnish VCL file to align it with the [`vendor/ezsystems/ezplatform-http-cache/docs/varnish/vcl/varnish7.vcl`](https://github.com/ezsystems/ezplatform-http-cache/blob/2.3/docs/varnish/vcl/varnish7.vcl) file. 
+ ``` + +If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed `Content-Type` in the web server configuration. +For more information, see the [updated Apache and nginx template configuration](https://github.com/ibexa/post-install/pull/86/files). + +##### Outdated version of jQuery in ibexa/ezcommerce-shop package + +There are no additional update steps to execute. + +#### Other changes + +##### Remove duplicated entries in `ezcontentobject_attribute` table + +This release comes with a command to clean up duplicated entries in the `ezcontentobject_attribute` table, which were created due to an issue described in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562). + +If you're affected, remove the duplicated entries by running the following command: +``` bash +php bin/console ibexa:content:remove-duplicate-fields +``` + +!!! caution + + Remember about [**proper database backup**](backup.md) before running the command in the production environment. + +You can customize the behavior of the command with the following options: + +- `--batch-size` or `-b` - number of attributes affected per iteration. Default value = 10000. +- `--max-iterations` or `-i` - maximum iterations count. Default value = -1 (unlimited). +- `--sleep` or `-s` - wait time between iterations, in milliseconds. Default value = 0. + +##### Update web server configuration + +Adjust the web server configuration to prevent direct access to the `index.php` file when using URLs consisting of multiple path segments. + +See [the updated Apache and nginx template files](https://github.com/ibexa/post-install/pull/70/files) for more information. + ## Finish the update diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md index 6c18eba6da..a75ecceee4 100644 --- a/docs/update_and_migration/from_4.6/update_from_4.6.md +++ b/docs/update_and_migration/from_4.6/update_from_4.6.md 
@@ -147,9 +147,9 @@ If the new bundle `ibexa/core-search` has not been added by the recipes, enable ## v4.6.13 -This release comes with a command to clean up the duplicated entries in the `ezcontentobject_attribute` table, caused by the issue described in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562). +This release comes with a command to clean up duplicated entries in the `ezcontentobject_attribute` table, which were created due to an issue described in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562). -If you're affected you can remove the duplicated entries by running the following command: +If you're affected, remove the duplicated entries by running the following command: ``` bash php bin/console ibexa:content:remove-duplicate-fields ``` 
@@ -160,6 +160,74 @@ php bin/console ibexa:content:remove-duplicate-fields You can customize the behavior of the command with the following options: -- `batch-size` or `b` - number of attributes affected per iteration. Default value = 10000. -- `max-iterations` or `i` - max. iterations count (default or -1: unlimited). Default value = -1. -- `sleep` or `s` - wait time between iterations, in milliseconds. Default value = 0. +- `--batch-size` or `-b` - number of attributes affected per iteration. Default value = 10000. +- `--max-iterations` or `-i` - maximum iterations count. Default value = -1 (unlimited). +- `--sleep` or `-s` - wait time between iterations, in milliseconds. Default value = 0. + +## v4.6.14 + +### Security + +This release contains security fixes. +For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates). +For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. +If so, take appropriate action, for example by [revoking passwords](https://doc.ibexa.co/en/latest/users/passwords/#revoking-passwords) for all affected users. + +#### BREACH vulnerability + +The [BREACH](https://www.breachattack.com/) attack is a security vulnerability against HTTPS when using HTTP compression. + +If you're using Varnish, update the VCL configuration to stop compressing both the [[= product_name =]]'s REST API and JSON responses from your backend. +Fastly users are not affected. + +=== "Varnish on [[= product_name_cloud =]]" + + Update Platform.sh configuration and scripts. + + Generate new configuration with the following command: + + ```bash + composer ibexa:setup --platformsh + ``` + + Review the changes, merge with your custom settings if needed, and commit them to Git before deployment. 
+ +=== "Varnish 6" + + Update your Varnish VCL file to align it with the [`vendor/ibexa/http-cache/docs/varnish/vcl/varnish6.vcl`](https://github.com/ibexa/http-cache/blob/4.6/docs/varnish/vcl/varnish6.vcl) file. + +=== "Varnish 7" + + Update your Varnish VCL file to align it with the [`vendor/ibexa/http-cache/docs/varnish/vcl/varnish7.vcl`](https://github.com/ibexa/http-cache//blob/4.6/docs/varnish/vcl/varnish7.vcl) file. + ``` + +If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed `Content-Type` in the web server configuration. +For more information, see the [updated Apache and nginx template configuration](https://github.com/ibexa/post-install/pull/86/files). + +#### XSS in Content name pattern + +There are no additional update steps to execute. + +#### Outdated version of jQuery in ibexa/ezcommerce-shop package + +Only users of the [old Commerce solution](update_from_4.3_old_commerce.md) are affected. +There are no additional update steps to execute. + +### Other changes + +#### Disable translations of identifiers in Product Catalog's categories + +The possibility of translating identifiers and parent information for the Categories in Product Catalog might lead to data consistency issues. + +Disable it by running the following migration: + +``` bash +php bin/console ibexa:migrations:import vendor/ibexa/product-catalog/src/bundle/Resources/migrations/2024_07_25_07_00_non_translatable_product_categories.yaml --name=2024_07_25_07_00_non_translatable_product_categories.yaml +php bin/console ibexa:migrations:migrate --file=2024_07_25_07_00_non_translatable_product_categories.yaml +``` + +#### Update web server configuration + +Adjust the web server configuration to prevent direct access to the `index.php` file when using URLs consisting of multiple path segments. + +See [the updated Apache and nginx template files](https://github.com/ibexa/post-install/pull/70/files) for more information. 
diff --git a/mkdocs.yml b/mkdocs.yml index aadab74ef0..d31e46fc98 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -922,14 +922,14 @@ extra: # Global variables - latest tag versions latest_tag_2_5: '2.5.32' - latest_tag_3_3: '3.3.40' + latest_tag_3_3: '3.3.41' latest_tag_4_0: '4.0.8' latest_tag_4_1: '4.1.5' latest_tag_4_2: '4.2.4' latest_tag_4_3: '4.3.5' latest_tag_4_4: '4.4.4' latest_tag_4_5: '4.5.7' - latest_tag_4_6: '4.6.13' + latest_tag_4_6: '4.6.14' symfony_doc: 'https://symfony.com/doc/5.4' user_doc: 'https://doc.ibexa.co/projects/userguide/en/master'
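
Review bot: In the `update_from_3.3.md` hunk, the "Varnish 7" tab of the v3.3.41 BREACH section ends with a lone code-fence line right after the `varnish7.vcl` sentence. It has no matching opening fence, so it will be parsed as the start of a new code block instead of closing one; remove that added line. In the same section the "Varnish 6" tab links to `varnish5.vcl`. If that file is deliberately the template for Varnish 6 on the 2.3 branch, say so in the tab text, otherwise readers applying a security fix will suspect the link is wrong. The 4.6 section lists "XSS in Content name pattern" and this one does not, so it is worth confirming that the omission for 3.3 is intentional.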
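
Review bot: In the `update_from_4.6.md` hunk that adds v4.6.14, the "Varnish 7" link has a doubled slash in its URL (`github.com/ibexa/http-cache//blob/4.6/...`); change it to `https://github.com/ibexa/http-cache/blob/4.6/docs/varnish/vcl/varnish7.vcl` so it matches the form of the Varnish 6 link. The same tab also ends with a lone code-fence line that has no opener and should be dropped. Because this section is the BREACH mitigation, consider adding one sentence on how to confirm the result after the VCL update, namely that REST API and JSON responses are no longer served compressed. As written, the instructions give no way to tell whether a merge with custom VCL settings kept the fix.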