Merge commit from fork

* Update doc for 3.3.42 and 4.6.19

* Before initial review fixes

* Review fixes

* Bumped latest tag

* Changed the format of Rector commands

* Apply suggestions from code review

Co-authored-by: Gunnstein Lye <[email protected]>

* Review fixes

* Removed rector info

---------

Co-authored-by: Gunnstein Lye <[email protected]>

Author: mnocon

docs/update_and_migration/from_3.3/update_from_3.3.md

@@ -514,7 +514,7 @@ Adjust the web server configuration to prevent direct access to the `index.php`
 
 See [the updated Apache and nginx template files](https://github.com/ibexa/post-install/pull/70/files) for more information.
 
-### Removed `symfony/serializer-pack` dependency
+#### Removed `symfony/serializer-pack` dependency
 
 This release no longer directly requires the `symfony/serializer-pack` Composer dependency, which can remove some dependencies from your project during the update process.
 
@@ -526,6 +526,19 @@ composer require symfony/serializer-pack
 
 Then, verify that Symfony Flex installed the versions you were using before.
 
+### v3.3.42
+
+#### Security
+
+This release fixes a critical vulnerability in the [RichText field type](richtextfield.md).
+By entering a maliciously crafted input into the RichText field type's XML, the attacker could perform an attack using [XML external entity (XXE) injection](https://portswigger.net/web-security/xxe).
+To exploit this vulnerability, an attacker would need to have edit permission to content with RichText fields.
+
+For more information, see the [published security advisory IBEXA-SA-2025-002](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-002-xxe-vulnerability-in-richtext).
+
+Evaluate the vulnerability to determine whether you might have been affected.
+If so, take appropriate action.
+There are no additional update steps to execute.
 
 ## Finish the update
 

docs/update_and_migration/from_4.6/update_from_4.6.md

@@ -292,4 +292,18 @@ There are no additional update steps to execute.
 
 ## v4.6.18
 
-No additional steps needed.
+No additional steps needed.
+
+## v4.6.19
+
+### Security
+
+This release fixes a critical vulnerability in the [RichText field type](richtextfield.md).
+By entering a maliciously crafted input into the RichText field type's XML, the attacker could perform an attack using [XML external entity (XXE) injection](https://portswigger.net/web-security/xxe). 
+To exploit this vulnerability, an attacker would need to have edit permission to content with RichText fields.
+
+For more information, see the [published security advisory IBEXA-SA-2025-002](https://developers.ibexa.co/security-advisories/ibexa-sa-2025-002-xxe-vulnerability-in-richtext).
+
+Evaluate the vulnerability to determine whether you might have been affected.
+If so, take appropriate action.
+There are no additional update steps to execute.

mkdocs.yml

@@ -933,14 +933,14 @@ extra:
 
   # Global variables - latest tag versions
   latest_tag_2_5: '2.5.32'
-  latest_tag_3_3: '3.3.41'
+  latest_tag_3_3: '3.3.42'
   latest_tag_4_0: '4.0.8'
   latest_tag_4_1: '4.1.5'
   latest_tag_4_2: '4.2.4'
   latest_tag_4_3: '4.3.5'
   latest_tag_4_4: '4.4.4'
   latest_tag_4_5: '4.5.7'
-  latest_tag_4_6: '4.6.18'
+  latest_tag_4_6: '4.6.19'
 
   symfony_doc: 'https://symfony.com/doc/5.x'
   user_doc: 'https://doc.ibexa.co/projects/userguide/en/4.6'