**URGENT** Mobilizon: new release with security fixes

We have just released version 5.1.4 of Mobilizon that fixes multiple important security issues raised from a security audit we conducted.

We advise you to immediately upgrade your instance. Without the security patches, some vulnerabilities could be exploited to access private data. Details of the vulnerabilities are provided in the release note.

As usual, before updating, perform backups of database and files. If you can’t upgrade immediately, since some of the vulnerabilities require an authenticated user, temporarily disabling the registration option for new users can help to mitigate the risk.

If you are not part of the administrators’ team of your instance, please forward them this message.

If you have any question, feel free to reach out to us.

Regards

Is it known wether v4.1.0 is also affected and do you plan to backport security fixes there?

Older version are affected (there is no strong change from 4 to 5).
There will be no back-port from the maintenance team.
But it is possible - even if not effortless - to cherry pick the changes pointed by the release note.

Docker image is now available : https://hub.docker.com/r/kaihuri/mobilizon/tags