A major vulnerability has been identified during our annual pentest. As it also applies to our pim-community project, we decided to register a CVE entry (CVE-2022-46157). Please find below the details of the remediation of the vulnerability according to your PIM subscription and/or version.
Serenity (SaaS) user
If you are an Akeneo SaaS user (i.e., Serenity), the vulnerability has already been patched.
Flexibility (PaaS) user
We strongly advise you to apply our patch available here to your Apache server configuration according to your operating system.
Feel free to contact your Akeneo Customer Success Manager if you have any questions or need additional information on this subject.