| description | month_change |
|---|---|
Update your installation to the latest v4.6 version from an earlier v4.6 version. |
false |
Note which version you actually have before starting.
First, run:
=== "[[= product_name_headless =]]"
``` bash
composer require ibexa/headless:[[= latest_tag_4_6 =]] --with-all-dependencies --no-scripts
composer recipes:install ibexa/headless --force -v
```=== "[[= product_name_exp =]]"
``` bash
composer require ibexa/experience:[[= latest_tag_4_6 =]] --with-all-dependencies --no-scripts
composer recipes:install ibexa/experience --force -v
```=== "[[= product_name_com =]]"
``` bash
composer require ibexa/commerce:[[= latest_tag_4_6 =]] --with-all-dependencies --no-scripts
composer recipes:install ibexa/commerce --force -v
```Then execute the instructions below starting from the version you're upgrading from.
No additional steps needed.
Run the following scripts:
=== "MySQL"
``` bash
mysql -u <username> -p <password> <database_name> < vendor/ibexa/installer/upgrade/db/mysql/ibexa-4.6.1-to-4.6.2.sql
```=== "PostgreSQL"
``` bash
psql <database_name> < vendor/ibexa/installer/upgrade/db/postgresql/ibexa-4.6.1-to-4.6.2.sql
```The configuration of the package ibexa/notifications has changed.
This package is required by other packages, such as ibexa/connector-actito for Transactional emails, ibexa/payment, or ibexa/user.
If you are customizing the configuration of the ibexa/notifications package, and using SiteAccess aware configuration to change the Notification subscriptions, you have to manually change your configuration by using the new node name notifier instead of the old notifications.
For example, the following v4.6.2 config:
ibexa:
system:
my_siteacces_name:
notifications: # old
subscriptions:
Ibexa\Contracts\Shipping\Notification\ShipmentStatusChange:
channels:
- smsbecomes the following from v4.6.3:
ibexa:
system:
my_siteacces_name:
notifier: # new
subscriptions:
Ibexa\Contracts\Shipping\Notification\ShipmentStatusChange:
channels:
- smsRun the following scripts:
=== "MySQL"
``` bash
mysql -u <username> -p <password> <database_name> < vendor/ibexa/installer/upgrade/db/mysql/ibexa-4.6.3-to-4.6.4.sql
```=== "PostgreSQL"
``` bash
psql <database_name> < vendor/ibexa/installer/upgrade/db/postgresql/ibexa-4.6.3-to-4.6.4.sql
```No additional steps needed.
No additional steps needed.
No additional steps needed.
To avoid deprecations when updating from an older PHP version to PHP 8.2 or 8.3, run the following commands:
composer config extra.runtime.error_handler "\\Ibexa\\Contracts\\Core\\MVC\\Symfony\\ErrorHandler\\Php82HideDeprecationsErrorHandler"
composer dump-autoloadNo additional steps needed.
No additional steps needed.
Update Platform.sh configuration for PHP and Varnish.
Generate new configuration with the following command:
composer ibexa:setup --platformshReview the changes applied to .platform.app.yaml and .platform/,
merge with your custom settings if needed, and commit them to Git.
If the new bundle ibexa/core-search has not been added by the recipes, enable it by adding the following line in config/bundles.php:
Ibexa\Bundle\CoreSearch\IbexaCoreSearchBundle::class => ['all' => true],This release comes with a command to clean up duplicated entries in the ezcontentobject_attribute table, which were created due to an issue described in IBX-8562.
If you're affected, remove the duplicated entries by running the following command:
php bin/console ibexa:content:remove-duplicate-fields!!! caution
Remember about [**proper database backup**](backup.md) before running the command in the production environment.You can customize the behavior of the command with the following options:
--batch-sizeor-b- number of attributes affected per iteration. Default value = 10000.--max-iterationsor-i- maximum iterations count. Default value = -1 (unlimited).--sleepor-s- wait time between iterations, in milliseconds. Default value = 0.
This release contains security fixes. For more information, see the published security advisory. For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. If so, take appropriate action, for example by revoking passwords for all affected users.
The BREACH attack is a security vulnerability against HTTPS when using HTTP compression.
If you're using Varnish, update the VCL configuration to stop compressing both the [[= product_name =]]'s REST API and JSON responses from your backend. Fastly users are not affected.
=== "Varnish on [[= product_name_cloud =]]"
Update Platform.sh configuration and scripts.
Generate new configuration with the following command:
```bash
composer ibexa:setup --platformsh
```
Review the changes, merge with your custom settings if needed, and commit them to Git before deployment.=== "Varnish 6"
Update your Varnish VCL file to align it with the [`vendor/ibexa/http-cache/docs/varnish/vcl/varnish6.vcl`](https://github.com/ibexa/http-cache/blob/4.6/docs/varnish/vcl/varnish6.vcl) file.=== "Varnish 7"
Update your Varnish VCL file to align it with the [`vendor/ibexa/http-cache/docs/varnish/vcl/varnish7.vcl`](https://github.com/ibexa/http-cache//blob/4.6/docs/varnish/vcl/varnish7.vcl) file.
```If you're not using a reverse proxy like Varnish or Fastly, adjust the compressed Content-Type in the web server configuration.
For more information, see the updated Apache and nginx template configuration.
There are no additional update steps to execute.
Only users of the old Commerce solution are affected. There are no additional update steps to execute.
The possibility of translating identifiers and parent information for the Categories in Product Catalog might lead to data consistency issues.
Disable it by running the following migration:
php bin/console ibexa:migrations:import vendor/ibexa/product-catalog/src/bundle/Resources/migrations/2024_07_25_07_00_non_translatable_product_categories.yaml --name=2024_07_25_07_00_non_translatable_product_categories.yaml
php bin/console ibexa:migrations:migrate --file=2024_07_25_07_00_non_translatable_product_categories.yamlAdjust the web server configuration to prevent direct access to the index.php file when using URLs consisting of multiple path segments.
See the updated Apache and nginx template files for more information.
This release no longer directly requires the symfony/orm-pack and symfony/serializer-pack Composer dependencies, which can remove some dependencies from your project during the update process.
If you rely on them in your project, for example by using Symfony's ObjectNormalizer to create your own REST endpoints, run the following command before updating [[= product_name_base =]] packages:
composer require symfony/serializer-pack symfony/orm-packThen, verify that Symfony Flex installed the versions you were using before.
No additional steps needed.
This release contains security fixes. For more information, see the published security advisory. For each of the following fixes, evaluate the vulnerability to determine whether you might have been affected. If so, take appropriate action.
This release fixes a critical vulnerability in the REST API regarding shopping carts. There are no additional update steps to execute.
This release fixes vulnerability in publish scheduling, ensures that edit/create policies are correctly checked.
There are no additional update steps to execute.
This release upgrades the requirements for Twig to v3.19 and PHPSpreadsheet to v1.29.9, resolving several vulnerabilities of varying severity in those dependencies. There are no additional update steps to execute.
No additional steps needed.
This release fixes a critical vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText field type's XML, the attacker could perform an attack using XML external entity (XXE) injection. To exploit this vulnerability, an attacker would need to have edit permission to content with RichText fields.
For more information, see the published security advisory IBEXA-SA-2025-002.
Evaluate the vulnerability to determine whether you might have been affected. If so, take appropriate action. There are no additional update steps to execute.
The new Ibexa Rector package is now available. It's an optional package based on Rector and comes with additional rules for working with Ibexa code.
You can use it to get rid of PHP code deprecations and start preparing your project for the next major release.
!!! note
[[= product_name_base =]] Rector requires PHP 8.3 and you must upgrade your codebase first.
To do it, you can use Rector and the [existing PHP upgrade sets](https://getrector.com/documentation/integration-to-new-project#content-2-upgrade-php-first).To get started with [[= product_name_base =]] Rector, execute the following steps:
- Add the Composer dependency:
composer require --dev ibexa/rector:^4.6-
Adjust the created
rector.phpconfiguration file to match your project structure -
Run Rector in the dry-run mode to preview the changes:
vendor/bin/rector --dry-run- Run Rector:
vendor/bin/rector[[% include 'snippets/update/notify_support.md' %]]
With the product updated to the latest version, you can now finish the update process or proceed to updating the LTS Updates packages.
LTS Updates are standalone packages with their own update procedures. To use the latest features added to them, update them separately with the following commands:
=== "AI actions"
```bash
composer require ibexa/connector-ai:[[= latest_tag_4_6 =]] ibexa/connector-openai:[[= latest_tag_4_6 =]]
```=== "Date and time attribute"
```bash
composer require ibexa/product-catalog-date-time-attribute:[[= latest_tag_4_6 =]]
```