Update doc for 4.6.14 and 3.3.41 #2553

Merged
merged 15 commits into from
Nov 28, 2024
74 changes: 73 additions & 1 deletion docs/update_and_migration/from_3.3/update_from_3.3.md
@@ -440,7 +440,79 @@

### v3.3.40

A command to deal with duplicated database entries, as reported in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562), will be available soon.
No additional steps needed.

### v3.3.41

#### Security

This release contains security fixes.
For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates).
For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected.
If so, take appropriate action, for example by [revoking passwords](https://doc.ibexa.co/en/latest/users/passwords/#revoking-passwords) for all affected users.

##### <abbr title="Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext">BREACH</abbr> vulnerability

The [BREACH](https://www.breachattack.com/) attack is a security vulnerability against HTTPS when using HTTP compression.

If you're using Varnish, update the VCL configuration to stop compressing both the [[= product_name =]]'s REST API and JSON responses from your backend.
Fastly users are not affected.

=== "Varnish on [[= product_name_cloud =]]"

Update the Varnish configuration.

Generate new configuration with the following command:

```bash
composer ibexa:setup --platformsh
```

Review the changes, merge with your custom settings if needed, and commit them to Git before deployment.

=== "Varnish 6"

Update your Varnish VCL file to align it with the [`vendor/ezsystems/ezplatform-http-cache/docs/varnish/vcl/varnish5.vcl`](https://github.com/ezsystems/ezplatform-http-cache/blob/2.3/docs/varnish/vcl/varnish5.vcl) file.

=== "Varnish 7"

Update your Varnish VCL file to align it with the [`vendor/ezsystems/ezplatform-http-cache/docs/varnish/vcl/varnish7.vcl`](https://github.com/ezsystems/ezplatform-http-cache/blob/2.3/docs/varnish/vcl/varnish7.vcl) file.
```

If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed `Content-Type` in the web server configuration.
For more information, see the [updated Apache and nginx template configuration](https://github.com/ibexa/post-install/pull/86/files).

##### Outdated version of jQuery in ibexa/ezcommerce-shop package

There are no additional update steps to execute.

#### Other changes

##### Remove duplicated entries in `ezcontentobject_attribute` table

This release comes with a command to clean up duplicated entries in the `ezcontentobject_attribute` table, which were created due to an issue described in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562).

If you're affected, remove the duplicated entries by running the following command:
``` bash
php bin/console ibexa:content:remove-duplicate-fields
```

!!! caution

Remember about [**proper database backup**](backup.md) before running the command in the production environment.

You can customize the behavior of the command with the following options:

- `--batch-size` or `-b` - number of attributes affected per iteration. Default value = 10000.
- `--max-iterations` or `-i` - maximum iterations count. Default value = -1 (unlimited).
- `--sleep` or `-s` - wait time between iterations, in milliseconds. Default value = 0.

##### Update web server configuration

Adjust the web server configuration to prevent direct access to the `index.php` file when using URLs consisting of multiple path segments.

See [the updated Apache and nginx template files](https://github.com/ibexa/post-install/pull/70/files) for more information.


## Finish the update
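
Review bot: The line directly after the "Varnish 7" tab in the BREACH section is a bare triple-backtick fence with no opening fence in this hunk (the only fenced block above it, around `composer ibexa:setup --platformsh`, is already closed), so the text that follows may render as code; drop that line. Two smaller points in the same section: the "Varnish 6" tab points at `varnish5.vcl`, which deserves a few words confirming that this is the file intended for Varnish 6, and the last paragraph tells readers without a reverse proxy to "adjust the compressed `Content-Type`" without naming which types to stop compressing, whereas the Varnish sentence names REST API and JSON responses. Stating the types inline would let readers verify their web server configuration without reading the linked template diff.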

78 changes: 73 additions & 5 deletions docs/update_and_migration/from_4.6/update_from_4.6.md
@@ -147,9 +147,9 @@

## v4.6.13

This release comes with a command to clean up the duplicated entries in the `ezcontentobject_attribute` table, caused by the issue described in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562).
This release comes with a command to clean up duplicated entries in the `ezcontentobject_attribute` table, which were created due to an issue described in [IBX-8562](https://issues.ibexa.co/browse/IBX-8562).

If you're affected you can remove the duplicated entries by running the following command:
If you're affected, remove the duplicated entries by running the following command:
``` bash
php bin/console ibexa:content:remove-duplicate-fields
```
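
Review bot: "If you're affected" gives readers no way to tell whether they are: the paragraph names the `ezcontentobject_attribute` table and links IBX-8562, but describes neither a symptom nor a check. Add one sentence on how to recognise the duplicated entries, or state whether `ibexa:content:remove-duplicate-fields` can be run safely when there are none.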
@@ -160,6 +160,74 @@

You can customize the behavior of the command with the following options:

- `batch-size` or `b` - number of attributes affected per iteration. Default value = 10000.
- `max-iterations` or `i` - max. iterations count (default or -1: unlimited). Default value = -1.
- `sleep` or `s` - wait time between iterations, in milliseconds. Default value = 0.
- `--batch-size` or `-b` - number of attributes affected per iteration. Default value = 10000.
- `--max-iterations` or `-i` - maximum iterations count. Default value = -1 (unlimited).
- `--sleep` or `-s` - wait time between iterations, in milliseconds. Default value = 0.

## v4.6.14

### Security

This release contains security fixes.
For more information, see [the published security advisory](https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates).
For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected.
If so, take appropriate action, for example by [revoking passwords](https://doc.ibexa.co/en/latest/users/passwords/#revoking-passwords) for all affected users.

#### <abbr title="Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext">BREACH</abbr> vulnerability

The [BREACH](https://www.breachattack.com/) attack is a security vulnerability against HTTPS when using HTTP compression.

If you're using Varnish, update the VCL configuration to stop compressing both the [[= product_name =]]'s REST API and JSON responses from your backend.
Fastly users are not affected.

=== "Varnish on [[= product_name_cloud =]]"

Update Platform.sh configuration and scripts.

Generate new configuration with the following command:

```bash
composer ibexa:setup --platformsh
```

Review the changes, merge with your custom settings if needed, and commit them to Git before deployment.

=== "Varnish 6"

Update your Varnish VCL file to align it with the [`vendor/ibexa/http-cache/docs/varnish/vcl/varnish6.vcl`](https://github.com/ibexa/http-cache/blob/4.6/docs/varnish/vcl/varnish6.vcl) file.

=== "Varnish 7"

Update your Varnish VCL file to align it with the [`vendor/ibexa/http-cache/docs/varnish/vcl/varnish7.vcl`](https://github.com/ibexa/http-cache//blob/4.6/docs/varnish/vcl/varnish7.vcl) file.
```

If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed `Content-Type` in the web server configuration.
For more information, see the [updated Apache and nginx template configuration](https://github.com/ibexa/post-install/pull/86/files).

#### XSS in Content name pattern

There are no additional update steps to execute.

#### Outdated version of jQuery in ibexa/ezcommerce-shop package

Only users of the [old Commerce solution](update_from_4.3_old_commerce.md) are affected.
There are no additional update steps to execute.

### Other changes

#### Disable translations of identifiers in Product Catalog's categories

The possibility of translating identifiers and parent information for the Categories in Product Catalog might lead to data consistency issues.

Disable it by running the following migration:

``` bash
php bin/console ibexa:migrations:import vendor/ibexa/product-catalog/src/bundle/Resources/migrations/2024_07_25_07_00_non_translatable_product_categories.yaml --name=2024_07_25_07_00_non_translatable_product_categories.yaml
php bin/console ibexa:migrations:migrate --file=2024_07_25_07_00_non_translatable_product_categories.yaml
```

#### Update web server configuration

Adjust the web server configuration to prevent direct access to the `index.php` file when using URLs consisting of multiple path segments.

See [the updated Apache and nginx template files](https://github.com/ibexa/post-install/pull/70/files) for more information.
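
Review bot: The "Varnish 7" link target contains a double slash (`ibexa/http-cache//blob/4.6/`); use a single slash so it matches the "Varnish 6" link just above it. The bare triple-backtick line after that tab has no matching opening fence in this hunk and should be removed. On content: the Security intro asks readers to "evaluate the vulnerability to determine whether you might have been affected", but "XSS in Content name pattern" and the jQuery entry say only "There are no additional update steps to execute", so there is nothing on the page to evaluate against. Add a sentence per entry on what was exposed, or say explicitly that the details are in the linked advisory. Also, the first tab opens with "Update Platform.sh configuration and scripts." under a label that reads "Varnish on [[= product_name_cloud =]]"; align the wording with the label.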
4 changes: 2 additions & 2 deletions mkdocs.yml
@@ -923,14 +923,14 @@ extra:

# Global variables - latest tag versions
latest_tag_2_5: '2.5.32'
latest_tag_3_3: '3.3.40'
latest_tag_3_3: '3.3.41'
latest_tag_4_0: '4.0.8'
latest_tag_4_1: '4.1.5'
latest_tag_4_2: '4.2.4'
latest_tag_4_3: '4.3.5'
latest_tag_4_4: '4.4.4'
latest_tag_4_5: '4.5.7'
latest_tag_4_6: '4.6.13'
latest_tag_4_6: '4.6.14'

symfony_doc: 'https://symfony.com/doc/5.4'
user_doc: 'https://doc.ibexa.co/projects/userguide/en/master'